cjoint

Document format: text/plain

~ Rapport de ZHPDiag v2014.1.17.19 - Nicolas Coolman (17-01-14)
~ Lancé par Epcs (22-01-14 12:11:06)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Désactivée par l'utilisateur
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16750 (Defaut)
GCIE: Google Chrome v32.0.1700.76

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : XTJYG
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2011
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.07 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels

---\\ Informations sur le système
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 5706 MB (78% free)
System Restore: Activé (Enable)
System drive C: has 1 GB (0%) free of 444 GB

---\\ Mode de connexion au système
~ Computer Name: HOME
~ User Name: Epcs
~ All Users Names: HomeGroupUser$, Epcs, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Epcs\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Epcs\AppData\Roaming\
~ %Desktop% : C:\Users\Epcs\Desktop\
~ %Favorites% : C:\Users\Epcs\Favorites\
~ %LocalAppData% : C:\Users\Epcs\AppData\Local\
~ %StartMenu% : C:\Users\Epcs\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 1 Go of 444 Go)
D: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: 41 Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01-06-13 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26-07-12 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.E7099336BF7531B6FCC920DCB5101259] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25-10-13 - 07:19:22.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11-10-12 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26-07-12 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04-09-13 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26-07-12 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26-07-12 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26-07-12 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26-07-12 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20-09-12 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26-07-12 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26-07-12 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05-02-13 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26-07-12 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02-02-13 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26-07-12 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26-07-12 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26-07-12 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26-07-12 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01-06-13 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/2345
~ Mes musiques (My Musics) : 1/3
~ Mes Favoris (My Favorites) : 1/77
~ Mes Documents (My Documents) : 1/74
~ Mon Bureau (My Desktop) : 1/6
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.0EFF23C3D910380746D4F56BA5C746C4] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1192784] [PID.4364]
[MD5.307771C61D8DB417E1A89A25BF3E3F43] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Epcs\AppData\Roaming\uTorrent\uTorrent.exe [1142864] [PID.4916] =>P2P.BitTorrent
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024] [PID.4940]
[MD5.1ACCA74287FE5D7449FBB2B9F0C83341] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe [309328] [PID.14204] =>Toolbar.Google
[MD5.E4F6125ED5185F8FA37CC4F449B85526] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770608] [PID.14260]
[MD5.60A3399135BEFC6F4BADBD6C13A4AC24] - (.Microsoft Corporation - Hôte Microsoft WWA.) -- C:\Windows\syswow64\wwahost.exe [333824] [PID.7320]
[MD5.8E5651B04BE775696B32F7F1F5DA8871] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8336896] [PID.6568]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Epcs\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (10.00.9200.16384 (win8_rtm.120725-1247)) -- C:\Windows\SysWOW64\ieframe.dll
~ IE Browser: 12 Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: ExplorerBHO Class [64Bits] - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} . (.IvoSoft - Adds classic Windows Explorer features.) -- C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: avast! Online Security [64Bits] - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper [64Bits] - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.dll
O2 - BHO: Microsoft SPFS Browser Helper [64Bits] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.dll
O2 - BHO: ClassicIE9BHO Class [64Bits] - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} . (.IvoSoft - Customizations for the title bar and status.) -- C:\Program Files\Classic Shell\ClassicIE9dll_32.dll
O2 - BHO: CrossriderApp0033036 [64Bits] - {11111111-1111-1111-1111-110311301136} Clé orpheline =>PUP.CrossRider
O2 - BHO: CrossriderApp0035510 [64Bits] - {11111111-1111-1111-1111-110311551110} Clé orpheline =>PUP.CrossRider
O2 - BHO: (no name) [64Bits] - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O2 - BHO: Microsoft Lync add-on BHO [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Clé orpheline
O2 - BHO: ShopperProBHO [64Bits] - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} Clé orpheline
~ BHO: 17 Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: Classic Explorer Bar - [HKLM]{553891B7-A0D5-4526-BE18-D3CE461D6310} . (.IvoSoft - Adds classic Windows Explorer features.) -- C:\Program Files\Classic Shell\ClassicExplorer64.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: avast! Free Antivirus.lnk . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - GS\Desktop [Public]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>Piriform Ltd
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Google Earth.lnk . (.Google - Google Earth.) -- C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe =>.Google Inc
O4 - GS\Desktop [Public]: WildTangent Games App - packardbell.lnk . (.WildTangent - WildTangent Games App.) -- C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: Microsoft Office.lnk . (.Microsoft Corporation - Microsoft Office.) -- C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.exe
O4 - GS\Program [Public]: Movie Maker.lnk . (.Microsoft Corporation - Movie Maker.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe =>.Microsoft Corporation
O4 - GS\Program [Public]: Photo Gallery.lnk . (.Microsoft Corporation - Photo Gallery.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe =>.Microsoft Corporation
O4 - GS\Program [Public]: Spotify.lnk . (...) -- C:\Program Files (x86)\Spotify\SpotifyLauncher.exe
O4 - GS\Program [Public]: WildTangent Games App - packardbell.lnk . (.WildTangent - WildTangent Games App.) -- C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe
O4 - GS\Program [Public]: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe =>.Microsoft Corporation
O4 - GS\Program [Public]: Windows Live Messenger.lnk . (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - GS\Program [Public]: Windows Store.lnk . (...) -- C:\Windows\WinStore\WinStore.htm
O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Calculatrice de Windows.) -- C:\Windows\system32\calc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (...) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe (.not file.)
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) -- C:\Windows\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Connexion Bureau à distance.) -- C:\Windows\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Outil Capture d’écran.) -- C:\Windows\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Magnétophone Windows.) -- C:\Windows\system32\SoundRecorder.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation - Enregistreur d’actions.) -- C:\Windows\system32\psr.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sticky Notes.lnk . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\system32\StikyNot.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Application Windows Wordpad.) -- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: XPS Viewer.lnk . (.Microsoft Corporation - Visionneuse XPS.) -- C:\Windows\system32\xpsrchvw.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Table des caractères.) -- C:\Windows\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\QuickLaunch [Epcs]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Epcs]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Epcs]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Epcs\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Epcs]: avast! Free Antivirus.lnk . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - GS\TaskBar [Epcs]: File Explorer.lnk . (...) -- C:\Users\Epcs\AppData\Roaming\Microsoft\Windows\Libraries
O4 - GS\TaskBar [Epcs]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Epcs]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Epcs]: Packard Bell Device Fast-lane.lnk . (...) -- C:\Program Files (x86)\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneUI.exe (.not file.)
O4 - GS\Program [Epcs]: Corbeille.lnk - Clé orpheline
O4 - GS\Program [Epcs]: HSS-3-19-install-plain-504-plain.lnk . (...) -- C:\Users\Epcs\Desktop\HSS-3-19-install-plain-504-plain.exe (.not file.)
O4 - GS\Program [Epcs]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Epcs]: Lollipop.lnk - Clé orpheline =>Adware.Lollipop
O4 - GS\Program [Epcs]: SkyDrive.lnk . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Epcs\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe =>.Microsoft Corporation
O4 - GS\Desktop [Epcs]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files (x86)\ZHPDiag\ZHPhep.exe =>.Nicolas Coolman
O4 - GS\Desktop [Epcs]: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe =>.Nicolas Coolman
O4 - GS\Desktop [Epcs]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Epcs\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 45 Scanned in 00mn 01s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Epcs]: lollipop.lnk - Clé orpheline =>Adware.Lollipop
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Epcs\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKLM\..\Wow6432Node\Run: [LManager] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [YTDownloader] C:\Program Files (x86)\YTDownloader\YTDownloader.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.)
O4 - HKUS\S-1-5-21-2766722852-1349922305-1626358630-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Epcs\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Microsoft Lync add-on [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: Classic IE9 Settings [64Bits] - {56753E59-AF1D-4FBA-9E15-31557124ADA2} -- Clé orpheline
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll =>.Microsoft Corporation
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
~ Winsock: 6 Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{60B044FB-0941-48E0-8260-1140ED3652F5}: DhcpNameServer = 62.197.111.140 109.88.203.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{60B044FB-0941-48E0-8260-1140ED3652F5}: DhcpDomain = teledisnet.be
O17 - HKLM\System\CS1\Services\Tcpip\..\{60B044FB-0941-48E0-8260-1140ED3652F5}: DhcpNameServer = 62.197.111.140 109.88.203.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{60B044FB-0941-48E0-8260-1140ED3652F5}: DhcpDomain = teledisnet.be
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.197.111.140 109.88.203.3
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (.not file.) =>Toolbar.Conduit
~ AppInit DLL: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\System32\atiesrxx.exe
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Classic Shell Service (ClassicShellService) . (.IvoSoft - Classic Shell Service.) - C:\Program Files\Classic Shell\ClassicShellService.exe
O23 - Service: C:\Windows\system32\CxAudMsg64.exe (CxAudMsg) . (.Conexant Systems Inc. - Conexant Audio Message Service.) - C:\Windows\system32\CxAudMsg64.exe
O23 - Service: Distributed Computing Experiment (DCE) . (.Pas de propriétaire - DCEService.) - C:\Program Files\DCE\dce.exe
O23 - Service: Dritek WMI Service (DsiWMIService) . (.Dritek System Inc. - Dritek WMI Service.) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: Elan Service (ETDService) . (.ELAN Microelectronics Corp. - Elan Service.) - C:\Program Files\Elantech\ETDService.exe
O23 - Service: GamesAppIntegrationService (GamesAppIntegrationService) . (.WildTangent - WildTangent Games App Integration Service.) - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc
O23 - Service: IconMan_R (IconMan_R) . (.Realsil Microelectronics Inc. - Realtek Card Reader Patch Tool..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: c:\Program Files (x86)\Nero\Update\NASvc.exe (NAUpdate) . (.Nero AG - NeroUpdate.) - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) . (.Dritek System INC. - RfBtnSvc Application.) - C:\Windows\RfBtnSvc64.exe
O23 - Service: ZAtheros Wlan Agent (ZAtheros Wlan Agent) . (.Atheros - Atheros Coex Service Application.) - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
~ Services: 13 Scanned in 00mn 40s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1070]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1074]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SaveSense.job [298] =>PUP.SaveSense
[MD5.F92019F2A58640821B109B30193D5E7D] [APT] [ALU] (...) -- C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [3367976]
[MD5.B690DE3B3D28AD45112BE310780DBE8D] [APT] [ALUAgent] (...) -- C:\Program Files (x86)\Packard Bell\Live Updater\liveupdater_agent.exe [40008]
[MD5.24DC2A6F110B79787D6C5D5FF52A0235] [APT] [avast! Emergency Update] (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [765176]
[MD5.3E6442B01E44B3AA31807FEF5235DC54] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [3919640] =>Piriform Ltd
[MD5.3A46B06FCF88F69A4BC0B2C5BE617325] [APT] [Epcs Nero LIVEBackup 12 0] (.Nero AG.) -- C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\NBCore.exe [2278224]
[MD5.3A46B06FCF88F69A4BC0B2C5BE617325] [APT] [Epcs Nero LIVEBackup Merge 12 0] (.Nero AG.) -- C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\NBCore.exe [2278224]
[MD5.00000000000000000000000000000000] [APT] [EPUpdater] (...) -- C:\Users\Epcs\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe (.not file.) [0] =>Hijacker.BabSolution
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648]
[MD5.00000000000000000000000000000000] [APT] [Power Management] (...) -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [SaveSense] (...) -- C:\Users\Epcs\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.SaveSense
[MD5.00000000000000000000000000000000] [APT] [{687357AD-3C8C-4ACA-A8C4-07868EB0591D}] (...) -- C:\Program Files (x86)\YTDownloader\YTDUninstall.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9B60386A-BEC8-4336-AD63-24B3CB2D86EE}] (...) -- C:\Program Files (x86)\ShopperPro\SPremove.exe (.not file.) [0]
~ Scheduled Task: 19 Scanned in 00mn 12s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\System32\mscories.dll
~ Active Setup: 8 Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (aswRdr) . (.AVAST Software - avast! WFP Redirect Driver.) - C:\Windows\system32\drivers\aswRdr2.sys
O41 - Driver: (aswSnx) . (.AVAST Software - avast! Virtualization Driver.) - C:\Windows\system32\drivers\aswSnx.sys
O41 - Driver: (aswSP) . (.AVAST Software - avast! self protection module.) - C:\Windows\system32\drivers\aswSP.sys
O41 - Driver: (BasicDisplay) . (.Microsoft Corporation - Microsoft Basic Display Driver.) - C:\Windows\system32\drivers\BasicDisplay.sys
O41 - Driver: (BasicRender) . (.Microsoft Corporation - Microsoft Basic Render Driver.) - C:\Windows\system32\drivers\BasicRender.sys
O41 - Driver: cdrom.inf (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: C:\Windows\System32\drivers\dam.sys (dam) . (.Microsoft Corporation - DAM Kernel Driver.) - C:\Windows\System32\drivers\dam.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (Dfsc) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: mssmbios.inf (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: netnb.inf (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: npsvctrig.inf (npsvctrig) . (.Microsoft Corporation - Named pipe service triggers.) - C:\Windows\system32\drivers\npsvctrig.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: C:\Windows\System32\drivers\vwififlt.sys (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\system32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
~ Drivers: 40 Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: AMD APP SDK Runtime - (.Advanced Micro Devices Inc..) [HKLM][64Bits] -- {503F672D-6C84-448A-8F8F-4BC35AC83441}
O42 - Logiciel: AMD Accelerated Video Transcoding - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {2F1EB597-74DA-2C71-C065-BF4C6B89062C}
O42 - Logiciel: AMD Catalyst Install Manager - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {7BABDF85-566A-FCC6-E6FE-12DCFF3F9FEB}
O42 - Logiciel: Bejeweled 3 - (.WildTangent.) [HKLM][64Bits] -- WTA-441e3cc1-f33f-401a-84a5-5958c3e98975
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner =>Piriform Ltd
O42 - Logiciel: Canaux de jeu - (.WildTangent, Inc..) [HKLM][64Bits] -- WildTangentGameProvider-packardbell-genres
O42 - Logiciel: Canaux de jeu - (.WildTangent, Inc..) [HKLM][64Bits] -- WildTangentGameProvider-packardbell-main
O42 - Logiciel: Catalyst Control Center - Branding - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {33FA327B-E7E2-4E38-BF1A-67DCE285BD5C}
O42 - Logiciel: Classic Shell - (.IvoSoft.) [HKLM][64Bits] -- {FEA1590B-540A-41FC-A95C-664493C82A21}
O42 - Logiciel: Conexant HD Audio - (.Conexant.) [HKLM][64Bits] -- CNXT_AUDIO_HDA
O42 - Logiciel: CyberLink PowerDVD 12 - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
O42 - Logiciel: CyberLink PowerDVD 12 - (.CyberLink Corp..) [HKLM][64Bits] -- {B46BEA36-0B71-4A4E-AE41-87241643FA0A}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: Delicious: Emily's Childhood Memories Premium Edition - (.WildTangent.) [HKLM][64Bits] -- WTA-5d779069-d073-44d4-8bc5-9ba2acbf1df6
O42 - Logiciel: Distributed Computing Experiment - (...) [HKLM][64Bits] -- Distributed Computing Experiment
O42 - Logiciel: ETDWare PS/2-X64 11.6.17.002_WHQL - (.ELAN Microelectronic Corp..) [HKLM][64Bits] -- Elantech
O42 - Logiciel: Galerie de photos - (.Microsoft Corporation.) [HKLM][64Bits] -- {446CC8CE-0E90-44F7-ADD0-774B243EF090}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM][64Bits] -- {18455581-E099-4BA8-BC6B-F34B2F06600C} =>Toolbar.Google
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM][64Bits] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Google Earth - (.Google.) [HKLM][64Bits] -- {4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}
O42 - Logiciel: Governor of Poker 2 Premium Edition - (.WildTangent.) [HKLM][64Bits] -- WTA-d7d0b4e3-f3e7-4286-a056-ac68a86f7871
O42 - Logiciel: Identity Card - (.Packard Bell.) [HKLM][64Bits] -- {3D9CB654-99AD-4301-89C6-0D12A790767C}
O42 - Logiciel: Jewel Match 3 - (.WildTangent.) [HKLM][64Bits] -- WTA-ed7956a9-3430-48f9-81d5-66b6099074c1
O42 - Logiciel: John Deere Drive Green - (.WildTangent.) [HKLM][64Bits] -- WTA-c585c88f-414f-43b2-b1f3-cfc4c083803c
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {400C31E4-796F-4E86-8FDC-C3C4FACC6847}
O42 - Logiciel: K-Lite Codec Pack 9.8.0 (Basic) - (...) [HKLM][64Bits] -- KLiteCodecPack_is1
O42 - Logiciel: Launch Manager - (.Packard Bell.) [HKLM][64Bits] -- LManager
O42 - Logiciel: Live Updater - (.Packard Bell.) [HKLM][64Bits] -- {EE26E302-876A-48D9-9058-3129E5B99999}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT110 - (.Microsoft.) [HKLM][64Bits] -- {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
O42 - Logiciel: MSVCRT110_amd64 - (.Microsoft.) [HKLM][64Bits] -- {E9FA781F-3E80-4399-825A-AD3E11C28C77}
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9}
O42 - Logiciel: Magic Academy - (.WildTangent.) [HKLM][64Bits] -- WTA-645051f9-b1c5-4e88-b8b2-ef75f0ff54b4
O42 - Logiciel: Microsoft SkyDrive - (.Microsoft Corporation.) [HKCU][64Bits] -- SkyDriveSetup.exe =>.Microsoft Corporation
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService
O42 - Logiciel: Nero BackItUp - (.Nero AG.) [HKLM][64Bits] -- {DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}
O42 - Logiciel: Nero BackItUp 12 Essentials OEM.a01 - (.Nero AG.) [HKLM][64Bits] -- {4CA8F973-6377-4ABF-9ED5-CC2323B3C000}
O42 - Logiciel: Nero BackItUp Help (CHM) - (.Nero AG.) [HKLM][64Bits] -- {EF0D1292-8FC1-41BE-9740-DBC134F66415}
O42 - Logiciel: Nero Backup Drivers - (.Nero AG.) [HKLM][64Bits] -- {D600D357-5CB9-4DE9-8FD4-14E208BD1970}
O42 - Logiciel: Nero ControlCenter - (.Nero AG.) [HKLM][64Bits] -- {ABC88553-8770-4B97-B43E-5A90647A5B63}
O42 - Logiciel: Nero ControlCenter Help (CHM) - (.Nero AG.) [HKLM][64Bits] -- {C994C746-C6D0-4EBA-B09E-DF7B18381B69}
O42 - Logiciel: Nero Core Components - (.Nero AG.) [HKLM][64Bits] -- {BEBEE34D-84A2-4EDD-8BEA-96CC54371263}
O42 - Logiciel: Nero Launcher - (.Nero AG.) [HKLM][64Bits] -- {0E4630AF-0AB7-440E-A978-1A78FC4F43B9}
O42 - Logiciel: Nero RescueAgent - (.Nero AG.) [HKLM][64Bits] -- {B953732D-B623-4E84-B369-CFFF7B1AE06F}
O42 - Logiciel: Nero RescueAgent Help (CHM) - (.Nero AG.) [HKLM][64Bits] -- {0B311221-05A5-4766-8D03-7A6446794156}
O42 - Logiciel: Nero Update - (.Nero AG.) [HKLM][64Bits] -- {65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
O42 - Logiciel: Office 15 Click-to-Run Extensibility Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {20150000-008C-0000-0000-0000000FF1CE}
O42 - Logiciel: Office 15 Click-to-Run Licensing Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {50150000-008F-0000-1000-0000000FF1CE}
O42 - Logiciel: Office 15 Click-to-Run Localization Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {20150000-008C-0C0A-0000-0000000FF1CE}
O42 - Logiciel: Packard Bell Device Fast-lane - (.Packard Bell.) [HKLM][64Bits] -- {3F62D2FD-13C1-49A2-8B5D-47623D9460D7}
O42 - Logiciel: Packard Bell Power Management - (.Packard Bell.) [HKLM][64Bits] -- {91F52DE4-B789-42B0-9311-A349F10E5479}
O42 - Logiciel: Packard Bell Recovery Management - (.Packard Bell.) [HKLM][64Bits] -- {07F2005A-8CAC-4A4B-83A2-DA98A722CA61}
O42 - Logiciel: Plants vs. Zombies - Game of the Year - (.WildTangent.) [HKLM][64Bits] -- WTA-46877c73-c205-485a-af10-ad1555ce449e
O42 - Logiciel: Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Dr - (.Qualcomm Atheros Communications Inc..) [HKLM][64Bits] -- {3108C217-BE83-42E4-AE9E-A56A2A92E549}
O42 - Logiciel: Qualcomm Atheros WiFi Driver Installation - (.Qualcomm Atheros.) [HKLM][64Bits] -- {28006915-2739-4EBE-B5E8-49B25D32EB33}
O42 - Logiciel: Realtek PCIE Card Reader - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {C1594429-8296-4652-BF54-9DBE4932A44C}
O42 - Logiciel: Spotify - (.Spotify AB.) [HKLM][64Bits] -- Spotify
O42 - Logiciel: Tales of Lagoona - (.WildTangent.) [HKLM][64Bits] -- WTA-433d055f-5486-4d09-9276-78d8bb1534f0
O42 - Logiciel: Update Installer for WildTangent Games App - (.WildTangent.) [HKLM][64Bits] -- {2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
O42 - Logiciel: Vittalia Installer - (.FREESOFTPC.com.) [HKLM][64Bits] -- Vittalia =>PUP.Vittalia
O42 - Logiciel: Web Cake 3.00 - (.Web Cake LLC.) [HKLM][64Bits] -- {C4ED781C-7394-4906-AAFF-D6AB64FF7C38} =>Adware.WebCake
O42 - Logiciel: WildTangent Games - (.WildTangent.) [HKLM][64Bits] -- WildTangent wildgames Master Uninstall
O42 - Logiciel: WildTangent Games App - (.WildTangent.) [HKLM][64Bits] -- {70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell
O42 - Logiciel: avast! Free Antivirus v9.0.2011 - (.Avast Software.) [HKLM][64Bits] -- avast
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU][64Bits] -- uTorrent =>P2P.BitTorrent
~ Logic: 55 Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\48292InstEnd]
[HKCU\Software\5e0888fb73eb812] =>Hijacker.Eazel
[HKCU\Software\ATI]
[HKCU\Software\AVAST Software]
[HKCU\Software\AnchorFree]
[HKCU\Software\AppDataLow\Software\Plus-HD-2.2] =>Adware.PlusHD
[HKCU\Software\AppDataLow\Software\adawarebp]
[HKCU\Software\AppDataLow\Software\iWebar]
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}]
[HKCU\Software\AppDataLow]
[HKCU\Software\BBL]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\BitTorrent] =>P2P.BitTorrent
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Data Dynamics]
[HKCU\Software\Delta]
[HKCU\Software\Dritek]
[HKCU\Software\Elantech]
[HKCU\Software\FileScout] =>PUP.FileScout
[HKCU\Software\GNU]
[HKCU\Software\GOffers]
[HKCU\Software\Gabest]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\IM Providers]
[HKCU\Software\Icaros]
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\IvoSoft]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\Magnet]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Mine]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Nero]
[HKCU\Software\Norton]
[HKCU\Software\OEM]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\SYNCJM]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Symantec]
[HKCU\Software\Trolltech]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Wow6432Node]
[HKCU\Software\ZebHelpProcess Helper]
[HKCU\Software\kde.org]
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKCU\Software\mozilla]
[HKLM\Software\AMD]
[HKLM\Software\ATI Technologies]
[HKLM\Software\BrowserChoice]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Cnxt_Uiu_Parms]
[HKLM\Software\Conexant]
[HKLM\Software\DCE]
[HKLM\Software\Goobzo]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\IvoSoft]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\Mozilla]
[HKLM\Software\Norton]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Qualcomm Atheros Fast Reconnect]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SysPlayer]
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\5e0888fb73eb812] =>Hijacker.Eazel
[HKLM\Software\Wow6432Node\AMD]
[HKLM\Software\Wow6432Node\ATHEROS]
[HKLM\Software\Wow6432Node\ATI Technologies]
[HKLM\Software\Wow6432Node\ATI]
[HKLM\Software\Wow6432Node\AVAST Software]
[HKLM\Software\Wow6432Node\Avg]
[HKLM\Software\Wow6432Node\Classes]
[HKLM\Software\Wow6432Node\Clients]
[HKLM\Software\Wow6432Node\CyberLink]
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Delta]
[HKLM\Software\Wow6432Node\Dritek]
[HKLM\Software\Wow6432Node\GNU]
[HKLM\Software\Wow6432Node\Google]
[HKLM\Software\Wow6432Node\HaaliMkx]
[HKLM\Software\Wow6432Node\Icaros]
[HKLM\Software\Wow6432Node\Intel]
[HKLM\Software\Wow6432Node\KLCodecPack]
[HKLM\Software\Wow6432Node\Khronos]
[HKLM\Software\Wow6432Node\LAV]
[HKLM\Software\Wow6432Node\Lake]
[HKLM\Software\Wow6432Node\Macromedia]
[HKLM\Software\Wow6432Node\Malwarebytes' Anti-Malware (Trial)]
[HKLM\Software\Wow6432Node\Malwarebytes' Anti-Malware]
[HKLM\Software\Wow6432Node\MozillaPlugins]
[HKLM\Software\Wow6432Node\Mozilla]
[HKLM\Software\Wow6432Node\Nero]
[HKLM\Software\Wow6432Node\Norton]
[HKLM\Software\Wow6432Node\ODBC]
[HKLM\Software\Wow6432Node\OEM]
[HKLM\Software\Wow6432Node\Policies]
[HKLM\Software\Wow6432Node\Qualcomm Atheros Communications Inc.]
[HKLM\Software\Wow6432Node\Qualcomm Atheros WiFi Driver Installation]
[HKLM\Software\Wow6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\Wow6432Node\RegisteredApplications]
[HKLM\Software\Wow6432Node\SearchProtect] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Symantec]
[HKLM\Software\Wow6432Node\Volatile]
[HKLM\Software\Wow6432Node\WildTangent]
[HKLM\Software\Wow6432Node\Wow6432Node]
[HKLM\Software\Wow6432Node]
[HKLM\Software\YTDownloader]
~ Key Software: 245 Scanned in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29-04-13 - 14:34:06 - [2,145] ----D C:\Program Files (x86)\AMD APP
O43 - CFD: 29-04-13 - 14:34:07 - [0,389] ----D C:\Program Files (x86)\AMD AVT
O43 - CFD: 29-04-13 - 14:33:59 - [58,734] ----D C:\Program Files (x86)\ATI Technologies
O43 - CFD: 23-08-13 - 20:03:28 - [363,022] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 29-04-13 - 14:56:53 - [180,117] ----D C:\Program Files (x86)\CyberLink
O43 - CFD: 23-08-13 - 19:53:28 - [0] ----D C:\Program Files (x86)\Delta
O43 - CFD: 21-12-13 - 02:34:38 - [705,660] ----D C:\Program Files (x86)\Google
O43 - CFD: 29-04-13 - 14:56:05 - [53,242] --H-D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 15-12-13 - 18:39:43 - [4,633] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 30-07-13 - 15:53:46 - [36,798] ----D C:\Program Files (x86)\K-Lite Codec Pack
O43 - CFD: 29-04-13 - 14:30:02 - [28,471] ----D C:\Program Files (x86)\Launch Manager
O43 - CFD: 24-11-13 - 16:11:40 - [0] ----D C:\Program Files (x86)\Lavasoft
O43 - CFD: 29-04-13 - 15:03:27 - [2,428] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 23-08-13 - 20:06:53 - [5,397] ----D C:\Program Files (x86)\Microsoft SkyDrive =>.Microsoft Corporation
O43 - CFD: 23-08-13 - 20:10:12 - [1,745] ----D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 23-08-13 - 20:01:55 - [7,797] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 26-09-13 - 13:48:54 - [0] ----D C:\Program Files (x86)\Movdap
O43 - CFD: 08-08-13 - 12:41:05 - [0] ----D C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 07-11-13 - 12:56:15 - [0,216] ----D C:\Program Files (x86)\Mozilla Maintenance Service
O43 - CFD: 02-04-13 - 12:25:12 - [0,025] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 23-08-13 - 19:46:58 - [4,709] ----D C:\Program Files (x86)\MSECache
O43 - CFD: 09-08-13 - 21:34:41 - [151,832] ----D C:\Program Files (x86)\Nero
O43 - CFD: 02-04-13 - 14:02:03 - [5,259] ----D C:\Program Files (x86)\Packard Bell
O43 - CFD: 29-04-13 - 14:44:29 - [7,935] ----D C:\Program Files (x86)\Qualcomm Atheros
O43 - CFD: 29-04-13 - 14:26:17 - [14,214] ----D C:\Program Files (x86)\Realtek
O43 - CFD: 02-04-13 - 12:25:13 - [36,536] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 08-01-14 - 12:49:43 - [0,018] ----D C:\Program Files (x86)\ShopperPro
O43 - CFD: 29-04-13 - 14:50:48 - [42,601] ----D C:\Program Files (x86)\Spotify
O43 - CFD: 30-07-13 - 16:39:29 - [44,552] ----D C:\Program Files (x86)\SUPERTEC
O43 - CFD: 02-04-13 - 14:06:16 - [2,444] ----D C:\Program Files (x86)\SymSilent
O43 - CFD: 08-01-14 - 12:50:07 - [35,007] ----D C:\Program Files (x86)\SysPlayer
O43 - CFD: 24-11-13 - 19:34:41 - [0,001] ----D C:\Program Files (x86)\TornTV.com =>Hijacker.TornTV
O43 - CFD: 23-08-13 - 19:54:55 - [0,104] ----D C:\Program Files (x86)\Vittalia =>PUP.Vittalia
O43 - CFD: 02-04-13 - 14:01:23 - [387,206] ----D C:\Program Files (x86)\WildGames
O43 - CFD: 12-01-14 - 21:41:44 - [33,244] ----D C:\Program Files (x86)\WildTangent Games
O43 - CFD: 23-08-13 - 15:40:09 - [1,038] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 23-08-13 - 20:10:01 - [149,639] ----D C:\Program Files (x86)\Windows Live
O43 - CFD: 02-07-13 - 23:25:39 - [5,466] ----D C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 07-08-13 - 22:23:56 - [3,494] ----D C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 26-07-12 - 09:13:01 - [0,209] ----D C:\Program Files (x86)\Windows Multimedia Platform
O43 - CFD: 26-07-12 - 09:12:59 - [7,243] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 07-08-13 - 22:22:22 - [5,226] ----D C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 26-07-12 - 09:13:01 - [0,209] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 26-07-12 - 09:12:59 - [0] -SH-D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 22-01-14 - 12:10:25 - [17,257] ----D C:\Program Files (x86)\ZHPDiag =>.Nicolas Coolman
O43 - CFD: 29-04-13 - 14:34:08 - [2,238] ----D C:\Program Files (x86)\Common Files\ATI Technologies
O43 - CFD: 23-08-13 - 20:02:00 - [0,013] ----D C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD: 23-08-13 - 20:02:01 - [333,681] ----D C:\Program Files (x86)\Common Files\Microsoft Shared
O43 - CFD: 02-04-13 - 14:03:06 - [17,681] ----D C:\Program Files (x86)\Common Files\Nero
O43 - CFD: 26-07-12 - 09:13:01 - [0,003] ----D C:\Program Files (x86)\Common Files\Services
O43 - CFD: 07-08-13 - 20:09:54 - [0] ----D C:\Program Files (x86)\Common Files\Symantec Shared
O43 - CFD: 29-04-13 - 15:13:35 - [9,406] ----D C:\Program Files (x86)\Common Files\System
O43 - CFD: 23-08-13 - 20:03:28 - [0] ----D C:\Program Files (x86)\Common Files\Windows Live
O43 - CFD: 29-04-13 - 14:34:08 - [0] ----D C:\ProgramData\AMD
O43 - CFD: 26-07-12 - 08:22:08 - [0] -SH-D C:\ProgramData\Application Data
O43 - CFD: 22-11-13 - 16:17:00 - [67,052] ----D C:\ProgramData\AVAST Software
O43 - CFD: 08-08-13 - 12:40:22 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 29-04-13 - 15:05:37 - [0,040] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 29-04-13 - 14:57:54 - [0] ----D C:\ProgramData\CLSK
O43 - CFD: 07-08-13 - 21:17:46 - [0] --H-D C:\ProgramData\Common Files
O43 - CFD: 29-04-13 - 14:39:06 - [0,495] ----D C:\ProgramData\Conexant
O43 - CFD: 29-04-13 - 14:57:53 - [0,001] ----D C:\ProgramData\CyberLink
O43 - CFD: 26-07-12 - 08:22:08 - [0] -SH-D C:\ProgramData\Desktop
O43 - CFD: 26-07-12 - 08:22:08 - [0] -SH-D C:\ProgramData\Documents
O43 - CFD: 07-08-13 - 21:44:14 - [0,012] ----D C:\ProgramData\Google
O43 - CFD: 29-04-13 - 14:56:06 - [0,437] ----D C:\ProgramData\install_clap
O43 - CFD: 24-11-13 - 11:57:54 - [2,001] ----D C:\ProgramData\Lavasoft
O43 - CFD: 01-12-13 - 19:40:23 - [0,012] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 07-08-13 - 21:18:08 - [37,783] ----D C:\ProgramData\MFAData
O43 - CFD: 23-08-13 - 20:03:23 - [-2013,882] -S--D C:\ProgramData\Microsoft
O43 - CFD: 23-08-13 - 20:06:08 - [0] ----D C:\ProgramData\Microsoft SkyDrive =>.Microsoft Corporation
O43 - CFD: 07-11-13 - 12:56:15 - [0] ----D C:\ProgramData\Mozilla
O43 - CFD: 02-04-13 - 14:03:06 - [0,872] ----D C:\ProgramData\Nero
O43 - CFD: 07-08-13 - 22:19:01 - [0,083] ----D C:\ProgramData\Norton
O43 - CFD: 07-08-13 - 20:11:53 - [14,194] ----D C:\ProgramData\NortonInstaller
O43 - CFD: 29-04-13 - 15:07:24 - [0,002] ----D C:\ProgramData\OEM
O43 - CFD: 02-07-13 - 09:08:09 - [0] ----D C:\ProgramData\OEM_YAHOO
O43 - CFD: 02-04-13 - 14:02:03 - [0,230] ----D C:\ProgramData\Packard Bell
O43 - CFD: 01-08-13 - 11:42:08 - [0,048] ----D C:\ProgramData\PRICache
O43 - CFD: 29-04-13 - 14:44:21 - [0,021] ----D C:\ProgramData\Qualcomm Atheros
O43 - CFD: 29-04-13 - 15:03:35 - [0,002] ----D C:\ProgramData\regid.1991-06.com.microsoft
O43 - CFD: 26-07-12 - 08:22:08 - [0] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 29-04-13 - 15:05:36 - [0] ----D C:\ProgramData\Symantec
O43 - CFD: 01-12-13 - 21:06:30 - [1,046] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 29-04-13 - 14:56:53 - [0,346] ----D C:\ProgramData\Temp
O43 - CFD: 26-07-12 - 08:22:08 - [0] -SH-D C:\ProgramData\Templates
O43 - CFD: 12-01-14 - 21:41:41 - [1081,423] ----D C:\ProgramData\WildTangent
O43 - CFD: 02-07-13 - 09:07:42 - [1,971] ----D C:\Users\Epcs\AppData\Roaming\Adobe
O43 - CFD: 22-11-13 - 16:21:23 - [0] ----D C:\Users\Epcs\AppData\Roaming\AVAST Software
O43 - CFD: 06-01-14 - 21:33:48 - [0,005] ----D C:\Users\Epcs\AppData\Roaming\GoobZo
O43 - CFD: 07-08-13 - 22:33:21 - [0,001] ----D C:\Users\Epcs\AppData\Roaming\Google
O43 - CFD: 06-11-13 - 11:17:24 - [0] ----D C:\Users\Epcs\AppData\Roaming\Identities
O43 - CFD: 24-11-13 - 15:53:18 - [0,001] ----D C:\Users\Epcs\AppData\Roaming\LavasoftStatistics
O43 - CFD: 02-07-13 - 09:07:07 - [0,327] ----D C:\Users\Epcs\AppData\Roaming\lm
O43 - CFD: 07-08-13 - 21:15:49 - [0,004] ----D C:\Users\Epcs\AppData\Roaming\Macromedia
O43 - CFD: 01-12-13 - 19:40:32 - [123,660] ----D C:\Users\Epcs\AppData\Roaming\Malwarebytes
O43 - CFD: 06-11-13 - 11:11:14 - [1,927] -S--D C:\Users\Epcs\AppData\Roaming\Microsoft
O43 - CFD: 19-08-13 - 08:27:35 - [0] ----D C:\Users\Epcs\AppData\Roaming\Movdap
O43 - CFD: 07-11-13 - 12:56:20 - [0] ----D C:\Users\Epcs\AppData\Roaming\Mozilla
O43 - CFD: 09-08-13 - 21:32:49 - [14,545] ----D C:\Users\Epcs\AppData\Roaming\Nero
O43 - CFD: 24-11-13 - 12:00:48 - [0,014] ----D C:\Users\Epcs\AppData\Roaming\SecureSearch
O43 - CFD: 02-01-14 - 11:32:34 - [0] ----D C:\Users\Epcs\AppData\Roaming\Shareaza
O43 - CFD: 07-11-13 - 12:56:20 - [13,443] ----D C:\Users\Epcs\AppData\Roaming\Thunderbird =>.Mozilla Corporation
O43 - CFD: 22-01-14 - 12:08:20 - [4,283] ----D C:\Users\Epcs\AppData\Roaming\uTorrent =>P2P.µTorrent
O43 - CFD: 23-08-13 - 19:15:25 - [0] ----D C:\Users\Epcs\AppData\Roaming\Web Cake =>Adware.WebCake
O43 - CFD: 23-08-13 - 18:04:35 - [2,281] ----D C:\Users\Epcs\AppData\Roaming\WildTangent
O43 - CFD: 06-11-13 - 11:17:35 - [0] ----D C:\Users\Epcs\AppData\Roaming\Windows Live Writer
O43 - CFD: 22-01-14 - 12:12:14 - [0,019] ----D C:\Users\Epcs\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 02-07-13 - 09:01:26 - [0] -SH-D C:\Users\Epcs\AppData\Local\Application Data
O43 - CFD: 07-08-13 - 21:17:46 - [0] ----D C:\Users\Epcs\AppData\Local\Avg2013
O43 - CFD: 22-11-13 - 16:23:12 - [0,033] ----D C:\Users\Epcs\AppData\Local\avgchrome
O43 - CFD: 02-01-14 - 12:04:29 - [0] ----D C:\Users\Epcs\AppData\Local\cache
O43 - CFD: 21-01-14 - 13:23:13 - [25,135] ----D C:\Users\Epcs\AppData\Local\CrashDumps
O43 - CFD: 02-01-14 - 11:52:07 - [0] ----D C:\Users\Epcs\AppData\Local\CrashRpt
O43 - CFD: 06-01-14 - 20:47:47 - [0,061] ----D C:\Users\Epcs\AppData\Local\Diagnostics
O43 - CFD: 02-01-14 - 11:57:19 - [1,224] ----D C:\Users\Epcs\AppData\Local\genienext
O43 - CFD: 14-12-13 - 22:18:09 - [31,048] ----D C:\Users\Epcs\AppData\Local\Google
O43 - CFD: 02-07-13 - 09:01:26 - [0] -SH-D C:\Users\Epcs\AppData\Local\Historique
O43 - CFD: 06-01-14 - 21:29:41 - [1,533] ----D C:\Users\Epcs\AppData\Local\Installer
O43 - CFD: 07-08-13 - 21:17:46 - [0,343] ----D C:\Users\Epcs\AppData\Local\MFAData
O43 - CFD: 07-01-14 - 14:25:14 - [515,335] ----D C:\Users\Epcs\AppData\Local\Microsoft
O43 - CFD: 23-08-13 - 18:59:56 - [0,009] ----D C:\Users\Epcs\AppData\Local\Microsoft_Corporation
O43 - CFD: 02-01-14 - 14:54:51 - [84,349] ----D C:\Users\Epcs\AppData\Local\Mobogenie
O43 - CFD: 09-08-13 - 21:34:56 - [0,002] ----D C:\Users\Epcs\AppData\Local\Nero_AG
O43 - CFD: 01-08-13 - 11:42:11 - [425,047] ----D C:\Users\Epcs\AppData\Local\Packages
O43 - CFD: 03-07-13 - 00:22:12 - [0] ----D C:\Users\Epcs\AppData\Local\Programs
O43 - CFD: 06-01-14 - 21:30:33 - [0,117] ----D C:\Users\Epcs\AppData\Local\SearchProtect =>Toolbar.Conduit
O43 - CFD: 08-08-13 - 18:27:15 - [8,055] ----D C:\Users\Epcs\AppData\Local\Shareaza
O43 - CFD: 22-01-14 - 12:10:06 - [0,039] ----D C:\Users\Epcs\AppData\Local\Temp
O43 - CFD: 02-07-13 - 09:01:26 - [0] -SH-D C:\Users\Epcs\AppData\Local\Temporary Internet Files
O43 - CFD: 07-11-13 - 12:56:20 - [1,183] ----D C:\Users\Epcs\AppData\Local\Thunderbird =>.Mozilla Corporation
O43 - CFD: 02-07-13 - 09:01:53 - [0] ----D C:\Users\Epcs\AppData\Local\VirtualStore
O43 - CFD: 03-01-14 - 18:03:40 - [0,066] ----D C:\Users\Epcs\AppData\Local\Windows Live
O43 - CFD: 06-11-13 - 11:17:42 - [0,618] ----D C:\Users\Epcs\AppData\Local\Windows Live Writer
O43 - CFD: 26-07-12 - 09:13:00 - [0,004] R---D C:\Users\Epcs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 23-08-13 - 18:52:50 - [0] R---D C:\Users\Epcs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 19-10-13 - 07:22:26 - [0] R---D C:\Users\Epcs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 22-11-13 - 13:13:04 - [0,001] ----D C:\Users\Epcs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard
O43 - CFD: 26-07-12 - 09:13:00 - [0] ----D C:\Users\Epcs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 19-10-13 - 07:22:26 - [0] R---D C:\Users\Epcs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 26-07-12 - 09:13:00 - [0,005] R---D C:\Users\Epcs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 20-11-13 - 12:49:36 - [0,002] ----D C:\Users\Epcs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com =>Hijacker.TornTV
~ Program Folder: 142 Scanned in 00mn 10s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.48D83468DC9FDD830B21BD0FA2AA4029] - 15-01-14 - 11:53:21 ---A- . (.Microsoft Corporation - DLL d’exécution de l’infrastructure de test.) -- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll [163840]
O44 - LFC:[MD5.FA3B2DEF1EA2D6D2018E4289A235B83B] - 15-01-14 - 11:53:22 ---A- . (.Microsoft Corporation - DLL WSShared.) -- C:\Windows\System32\WSShared.dll [688640]
O44 - LFC:[MD5.4CCBBD4944777CA100B9A6C2F149A46F] - 15-01-14 - 11:53:33 ---A- . (.Microsoft Corporation - Microsoft Protection Service Driver.) -- C:\Windows\System32\Drivers\mpsdrv.sys [74752]
O44 - LFC:[MD5.353F85DB0B6EB92A77DA1DC2B9DD4FEF] - 15-01-14 - 11:53:34 ---A- . (.Microsoft Corporation - Web DAV Client DLL.) -- C:\Windows\System32\davclnt.dll [104448]
O44 - LFC:[MD5.9B1384CE8E681D2D77BB3524B8E86311] - 15-01-14 - 11:53:35 ---A- . (.Microsoft Corporation - Fichier DLL du service DAV pour le Web.) -- C:\Windows\System32\WebClnt.dll [227840]
O44 - LFC:[MD5.AE3786294CC246A5403783E1B86A0168] - 15-01-14 - 11:53:35 ---A- . (.Microsoft Corporation - PnP Disk Driver.) -- C:\Windows\System32\Drivers\disk.sys [100696]
O44 - LFC:[MD5.A28DE7725EC0426BC76C064B3A9D64EF] - 15-01-14 - 11:53:35 ---A- . (.Microsoft Corporation - SHCORE.) -- C:\Windows\System32\SHCore.dll [588288]
O44 - LFC:[MD5.09DC813EA00294A6F5B2B6C75E2740ED] - 15-01-14 - 11:53:36 ---A- . (.Microsoft Corporation - API du Pare-feu Windows.) -- C:\Windows\System32\FirewallAPI.dll [758784]
O44 - LFC:[MD5.9DE3341BD4E14BC5FADFCAD3019F2D0D] - 15-01-14 - 11:53:36 ---A- . (.Microsoft Corporation - Service de protection Microsoft.) -- C:\Windows\System32\MPSSVC.dll [915968]
O44 - LFC:[MD5.DCA862F9796BBF621DB12768978DBBA6] - 15-01-14 - 12:02:38 ---A- . (.Microsoft Corporation - Outil de suppression de logiciels malveilla.) -- C:\Windows\System32\MRT.exe [86054176]
O44 - LFC:[MD5.00EAA3392BE27F1C11FFDF7080A05524] - 18-01-14 - 12:22:05 ---A- . (...) -- C:\Windows\PFRO.log [3494]
O44 - LFC:[MD5.75FCBFA584A33DB66C59DC5438332C88] - 18-01-14 - 12:29:10 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1793362]
O44 - LFC:[MD5.60848F26202F113F568988F91286CB32] - 18-01-14 - 12:29:10 ---A- . (...) -- C:\Windows\System32\perfc009.dat [132614]
O44 - LFC:[MD5.9EE422AA9513AE1F93BFBDC37DEF742C] - 18-01-14 - 12:29:10 ---A- . (...) -- C:\Windows\System32\perfc00C.dat [155650]
O44 - LFC:[MD5.588A60C2D869ECF17BEBA0F05427E1BB] - 18-01-14 - 12:29:10 ---A- . (...) -- C:\Windows\System32\perfh009.dat [710244]
O44 - LFC:[MD5.5CB45BBAB10914D0F3803C07043B1D06] - 18-01-14 - 12:29:10 ---A- . (...) -- C:\Windows\System32\perfh00C.dat [800978]
O44 - LFC:[MD5.276AC78ABDC050DB259CEB10DCB7D30F] - 22-01-14 - 09:01:43 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1318206]
O44 - LFC:[MD5.00CACB50E4E48ACD0D64E8260ACB2BC7] - 22-01-14 - 11:32:30 --HA- . (...) -- C:\Windows\bootstat.dat [67584]
~ Files: 18 Scanned in 00mn 08s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.966AFD04B200725C73BEE67E29412060] - 02-01-14 - 11:32:27 ---A- - C:\Windows\Prefetch\SHAREAZA.EXE-17485F61.pf
O45 - LFCP:[MD5.0B6E2D7EBBD1625D1BA977E41FC873FB] - 02-01-14 - 11:50:21 ---A- - C:\Windows\Prefetch\SOFTONICDOWNLOADER_POUR_UTORR-5C14BBBC.pf =>Toolbar.Conduit
O45 - LFCP:[MD5.B15D8D109E99278E0D424B7765A5A0B2] - 02-01-14 - 11:51:53 ---A- - C:\Windows\Prefetch\YTD_BU10_SETUP.EXE-EC5B8042.pf
O45 - LFCP:[MD5.6D0F66017BAB30765403D00FCBC0C69B] - 02-01-14 - 11:52:00 ---A- - C:\Windows\Prefetch\NSS65B7.EXE-35CB2C02.pf
O45 - LFCP:[MD5.07FAC85E2B12437F698D77B67C2C70E6] - 02-01-14 - 11:52:00 ---A- - C:\Windows\Prefetch\UTT5A23.TMP.EXE-0B87EA65.pf
O45 - LFCP:[MD5.9C6BEEDDCD2E0B8115247151496FA319] - 02-01-14 - 11:53:12 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-D81B3462.pf
O45 - LFCP:[MD5.D0407BFAF12F2D3AEC6A8601D7409644] - 02-01-14 - 14:52:01 ---A- - C:\Windows\Prefetch\HSSCP.EXE-FE67C193.pf
O45 - LFCP:[MD5.89A888344E37791D273F13356FF5887F] - 02-01-14 - 14:57:37 ---A- - C:\Windows\Prefetch\NSA7552.EXE-5F8C79A3.pf
O45 - LFCP:[MD5.EC18910D975A7390D63D653EBB0132FB] - 03-01-14 - 13:20:50 ---A- - C:\Windows\Prefetch\REG.EXE-CC1AF0A4.pf
O45 - LFCP:[MD5.ED2D975BF320FADCA11C602AEDB8E0F3] - 03-01-14 - 17:25:37 ---A- - C:\Windows\Prefetch\DSMUSERTASK.EXE-D4A83970.pf
O45 - LFCP:[MD5.A7EA18F53CDE41F5C10DC280510C4A20] - 03-01-14 - 17:54:05 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-5C19A1CB.pf
O45 - LFCP:[MD5.4458802238E0F9CC9495A889864E3995] - 03-01-14 - 18:01:27 ---A- - C:\Windows\Prefetch\BACKITUP.EXE-135E12CC.pf
O45 - LFCP:[MD5.FE6CAAF9DA0D23D441E8EE346B261821] - 03-01-14 - 18:04:10 ---A- - C:\Windows\Prefetch\MOVIEMAKER.EXE-A6401490.pf
O45 - LFCP:[MD5.D79A022900375AADA26DF9C7D87A601A] - 03-01-14 - 18:05:18 ---A- - C:\Windows\Prefetch\GLCND.EXE-E78A3D46.pf
O45 - LFCP:[MD5.BFA8D46500FC94AFBD322FD6FFD4328C] - 03-01-14 - 18:07:07 ---A- - C:\Windows\Prefetch\NCC.EXE-EC3816AD.pf
O45 - LFCP:[MD5.B09BCCFF11A884A100049CAD2D4B8C4E] - 06-01-14 - 20:47:41 ---A- - C:\Windows\Prefetch\MSDT.EXE-A16F1692.pf
O45 - LFCP:[MD5.B8C919A6EBF7A73B9A6B39879C77A263] - 06-01-14 - 21:28:04 ---A- - C:\Windows\Prefetch\UTORRENT-1-.EXE-373B03D6.pf =>P2P.µTorrent
O45 - LFCP:[MD5.F676EE48C6B62293AE30106BFE0BFE21] - 06-01-14 - 21:30:13 ---A- - C:\Windows\Prefetch\UTT7EDF.TMP.EXE-9180945C.pf
O45 - LFCP:[MD5.DC7978ACFAFDA2BF69C7E2AC20FC117B] - 06-01-14 - 21:33:33 ---A- - C:\Windows\Prefetch\SYSPLAYER.EXE-4BD56C8B.pf
O45 - LFCP:[MD5.2CE9F019108DCBD07B50C69923556723] - 07-01-14 - 15:31:15 ---A- - C:\Windows\Prefetch\CCLEANER64.EXE-1137D9AC.pf =>Piriform Ltd
O45 - LFCP:[MD5.D77BB86D02A79C9053A800DC57F6FA6F] - 08-01-14 - 12:43:06 ---A- - C:\Windows\Prefetch\TASKMGR.EXE-39AABA37.pf
O45 - LFCP:[MD5.59719E65897C66AF39ECE34BA856D3AA] - 08-01-14 - 12:44:41 ---A- - C:\Windows\Prefetch\HELPPANE.EXE-5A92E3D5.pf
O45 - LFCP:[MD5.B17B5C50213E1A03ED54F9B1DF0141F8] - 08-01-14 - 12:48:51 ---A- - C:\Windows\Prefetch\AU_.EXE-3451411E.pf
O45 - LFCP:[MD5.56C5A27FDFA1F2A04342AE3840D5422B] - 08-01-14 - 12:49:44 ---A- - C:\Windows\Prefetch\TU17P84.EXE-65A5FD63.pf
O45 - LFCP:[MD5.94DBDD3CB0A1255EED7AACA0F5ECF952] - 12-01-14 - 21:41:16 ---A- - C:\Windows\Prefetch\UPDATER.EXE-FC5BA8AA.pf
O45 - LFCP:[MD5.79354110E54DBE63F51CB5F1ABCDFC80] - 12-01-14 - 21:41:53 ---A- - C:\Windows\Prefetch\GAMECONSOLE-WT.EXE-955CC1AB.pf
O45 - LFCP:[MD5.235BA20155FDE64D89F30C32B1E441DD] - 12-01-14 - 22:21:48 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-1A4CC1C3.pf
O45 - LFCP:[MD5.B97AD2A9AFBEF3F2EB68ECF63D14F01A] - 13-01-14 - 11:35:43 ---A- - C:\Windows\Prefetch\EXPLORER.EXE-03C49D11.pf
O45 - LFCP:[MD5.C2C7F97F5540443E42829966A55621A4] - 13-01-14 - 11:37:22 ---A- - C:\Windows\Prefetch\UNINS000.EXE-B2F9B9B1.pf
O45 - LFCP:[MD5.8F41D617AAB88677EF768B5AC5CFCEA5] - 13-01-14 - 11:37:24 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-D24BF1A3.pf
O45 - LFCP:[MD5.D955D033B644F458DF25207B5FB9A1DA] - 15-01-14 - 01:44:18 ---A- - C:\Windows\Prefetch\SMSS.EXE-81AD91F0.pf
O45 - LFCP:[MD5.39FB233293617E8926C3B825D7A7D453] - 15-01-14 - 11:46:20 ---A- - C:\Windows\Prefetch\ATBROKER.EXE-8B8F7F7C.pf
O45 - LFCP:[MD5.78BD36A45FD13F91F439C4D8B3696351] - 15-01-14 - 11:46:20 ---A- - C:\Windows\Prefetch\CSRSS.EXE-A7A2B218.pf
O45 - LFCP:[MD5.B50E32EBA94728A31A97386C7B78FE2E] - 15-01-14 - 11:46:20 ---A- - C:\Windows\Prefetch\DWM.EXE-F29FE9E2.pf
O45 - LFCP:[MD5.4629185E3857C33B71D9648F65B1600E] - 15-01-14 - 11:46:20 ---A- - C:\Windows\Prefetch\WINLOGON.EXE-0D9AB72B.pf
O45 - LFCP:[MD5.0A7C375E99694E0456970BAB2862F534] - 15-01-14 - 11:47:35 ---A- - C:\Windows\Prefetch\AgCx_SC5.db
O45 - LFCP:[MD5.D6F96918073D1126C59B05B70655AC99] - 15-01-14 - 12:02:36 ---A- - C:\Windows\Prefetch\MRTSTUB.EXE-CE0AFD61.pf
O45 - LFCP:[MD5.6E9911E9BD14597A3EB81123F8C0E0F0] - 15-01-14 - 12:02:40 ---A- - C:\Windows\Prefetch\WINDOWS-KB890830-X64-V5.8-DEL-EB4D4CBB.pf
O45 - LFCP:[MD5.8C66E37E813518A046025328E1A444F4] - 15-01-14 - 12:02:45 ---A- - C:\Windows\Prefetch\MRT.EXE-07B7D631.pf
O45 - LFCP:[MD5.FA9D3A098F419FDE4498D673746EC023] - 16-01-14 - 09:34:11 ---A- - C:\Windows\Prefetch\SETUP.EXE-712573E0.pf
O45 - LFCP:[MD5.3EA9037A6FBF89899CB59EF2C05C662E] - 16-01-14 - 09:34:19 ---A- - C:\Windows\Prefetch\32.0.1700.76_31.0.1650.63_CHR-9F1AF351.pf
O45 - LFCP:[MD5.29359233736B424A837578F4AB76E3AB] - 16-01-14 - 09:34:23 ---A- - C:\Windows\Prefetch\SETUP.EXE-20B6975E.pf
O45 - LFCP:[MD5.9222A1D08A751B85CFC8694080E4C0EE] - 16-01-14 - 09:41:28 ---A- - C:\Windows\Prefetch\GOOGLECRASHHANDLER.EXE-6DFABA28.pf
O45 - LFCP:[MD5.45CB772375E56980F3F64E5D20B722FB] - 16-01-14 - 09:41:28 ---A- - C:\Windows\Prefetch\GOOGLECRASHHANDLER64.EXE-5318B08A.pf
O45 - LFCP:[MD5.1883095B8A939C2193AF386591AE687F] - 16-01-14 - 10:13:06 ---A- - C:\Windows\Prefetch\SDIAGNHOST.EXE-D8BC1DC6.pf
O45 - LFCP:[MD5.14B96B12CFD93A5CCB50FD3828BB1552] - 16-01-14 - 10:13:11 ---A- - C:\Windows\Prefetch\W32TM.EXE-78C041DB.pf
O45 - LFCP:[MD5.D1AB2DB32C205E5613DA9C760822016F] - 16-01-14 - 10:13:20 ---A- - C:\Windows\Prefetch\PING.EXE-167FE968.pf
O45 - LFCP:[MD5.31936BED1A33BB7986B58ECB35338604] - 16-01-14 - 13:25:59 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-B28CC291.pf
O45 - LFCP:[MD5.D39E9DC8A43F1DCF038288530356EC04] - 16-01-14 - 13:26:03 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-B865F023.pf
O45 - LFCP:[MD5.C025D523D80EAD4D2C106193546261D7] - 16-01-14 - 13:26:14 ---A- - C:\Windows\Prefetch\WWAHOST.EXE-5F7F692E.pf
O45 - LFCP:[MD5.4F722E09DCF9616F1973D97466487E44] - 16-01-14 - 13:26:16 ---A- - C:\Windows\Prefetch\LIVECOMM.EXE-F1928578.pf
O45 - LFCP:[MD5.BE3780FDB4E3089437D306D59C2CB2CF] - 16-01-14 - 13:26:26 ---A- - C:\Windows\Prefetch\BACKGROUNDTRANSFERHOST.EXE-9145C254.pf
O45 - LFCP:[MD5.F844B3E9F28E7952D626B670CE650C9A] - 16-01-14 - 13:26:28 ---A- - C:\Windows\Prefetch\WMPLAYER.EXE-B0AD61F0.pf
O45 - LFCP:[MD5.5711C1AC9CEB0254B5B3E4FE98C62175] - 17-01-14 - 13:49:08 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-801B023A.pf
O45 - LFCP:[MD5.55BF8ED7B4F20130F7466666C247630A] - 17-01-14 - 13:49:08 ---A- - C:\Windows\Prefetch\WWAHOST.EXE-9178D9A9.pf
O45 - LFCP:[MD5.16E652A7DFFBA46091D0606DC29F355C] - 17-01-14 - 13:49:09 ---A- - C:\Windows\Prefetch\WSHOST.EXE-05F0A3AF.pf
O45 - LFCP:[MD5.7DE9E2B74695060D7EDF0927E0FAAF2C] - 17-01-14 - 13:49:58 ---A- - C:\Windows\Prefetch\WERMGR.EXE-D948C216.pf
O45 - LFCP:[MD5.1FBAF2642FE740F17AFEA3C6934D01EF] - 17-01-14 - 14:20:10 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-AB312CEC.pf
O45 - LFCP:[MD5.C3F0D051D2A71A9600A65F753137D686] - 18-01-14 - 03:00:11 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-C92CB267.pf
O45 - LFCP:[MD5.164790B8AE600E468703162B30B746A3] - 18-01-14 - 03:01:46 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-4F60B70E.pf
O45 - LFCP:[MD5.CFC6038E89057742A162EAE7DBAEB027] - 18-01-14 - 03:01:46 ---A- - C:\Windows\Prefetch\WINSAT.EXE-A854C4D0.pf
O45 - LFCP:[MD5.1346EC9FBEC47DA8986D572FCE25C3D8] - 18-01-14 - 12:05:43 ---A- - C:\Windows\Prefetch\WUAUCLT.EXE-4A7CF88B.pf
O45 - LFCP:[MD5.A88C4C09B3CFC4D75BE2AECD22C51B06] - 18-01-14 - 12:20:57 ---A- - C:\Windows\Prefetch\ATIECLXX.EXE-A62CF8E4.pf
O45 - LFCP:[MD5.ADEE00DD48E3920C133B647287667D83] - 18-01-14 - 12:21:03 ---A- - C:\Windows\Prefetch\POQEXEC.EXE-43A49B23.pf
O45 - LFCP:[MD5.E665A1DDFFAC9516E2FF39EE509FAA05] - 18-01-14 - 12:21:28 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin
O45 - LFCP:[MD5.CC39A6F6A7FE381229D95574280A392C] - 18-01-14 - 12:24:07 ---A- - C:\Windows\Prefetch\DKRUN32.EXE-8583E6AC.pf
O45 - LFCP:[MD5.0A33791EF320503807099C8D85E41F1D] - 18-01-14 - 12:24:07 ---A- - C:\Windows\Prefetch\LPKSETUP.EXE-EE6EE0C2.pf
O45 - LFCP:[MD5.B54A9D6569512CB159F9600AB30F399A] - 18-01-14 - 12:24:09 ---A- - C:\Windows\Prefetch\LMUTILPS32.EXE-9827F12C.pf
O45 - LFCP:[MD5.17E7D84F5021C6E28B62C3AF3218593B] - 18-01-14 - 12:24:10 ---A- - C:\Windows\Prefetch\ETDCTRLHELPER.EXE-6A174316.pf
O45 - LFCP:[MD5.66EC4E79684E7A14E8BA432E4ED64C8D] - 18-01-14 - 12:24:10 ---A- - C:\Windows\Prefetch\SEARCHINDEXER.EXE-EF8503D3.pf
O45 - LFCP:[MD5.CAD5FDB129F21FEDAA2D42814EFA881F] - 18-01-14 - 12:24:11 ---A- - C:\Windows\Prefetch\ETDCTRL.EXE-91BAE8DE.pf
O45 - LFCP:[MD5.1B3D5A0312F8575D1173E6747DC12774] - 18-01-14 - 12:24:13 ---A- - C:\Windows\Prefetch\LMANAGER.EXE-49876884.pf
O45 - LFCP:[MD5.371C17BD9F4E1786FEDBFC9CDC9337B4] - 18-01-14 - 12:24:16 ---A- - C:\Windows\Prefetch\MMDX64FX.EXE-4C9473D7.pf
O45 - LFCP:[MD5.75D19E0114AD8D2AEA17083755DE6B7C] - 18-01-14 - 12:24:16 ---A- - C:\Windows\Prefetch\RUNONCE.EXE-E874B0D0.pf
O45 - LFCP:[MD5.D34EE4CAB088928B611E0522EDD61F42] - 18-01-14 - 12:24:17 ---A- - C:\Windows\Prefetch\AVASTEMUPDATE.EXE-0DD1597D.pf
O45 - LFCP:[MD5.666A8C1C2DA41D7D9DF34EDF8C68FF90] - 18-01-14 - 12:24:23 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-3D387F6C.pf =>P2P.µTorrent
O45 - LFCP:[MD5.932B3EF4E822EB49C533BC92D842456E] - 18-01-14 - 12:24:24 ---A- - C:\Windows\Prefetch\AVASTUI.EXE-DC11C262.pf
O45 - LFCP:[MD5.00385980B6EB6F0201F87675F6A885F4] - 18-01-14 - 12:24:25 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-1B28B747.pf
O45 - LFCP:[MD5.80B61491FDDEA4F3E78E90ED7AB74AF4] - 18-01-14 - 12:25:08 ---A- - C:\Windows\Prefetch\AgCx_SC4.db
O45 - LFCP:[MD5.F33A479E1F6D18FFF9F124929C7F5F1A] - 18-01-14 - 12:25:19 ---A- - C:\Windows\Prefetch\GAMESAPPINTEGRATIONSERVICE.EX-D44D8C89.pf
O45 - LFCP:[MD5.66DDC45F37876B72D7A6C6BDEBF6FA25] - 18-01-14 - 12:25:22 ---A- - C:\Windows\Prefetch\RICONMAN.EXE-D63AD6B8.pf
O45 - LFCP:[MD5.138A06163AD49D47AA05DF79CAC1C1ED] - 18-01-14 - 12:25:23 ---A- - C:\Windows\Prefetch\NASVC.EXE-314DC6C9.pf
O45 - LFCP:[MD5.A42A3C93C277742F42565D4A6ED77D20] - 18-01-14 - 12:25:28 ---A- - C:\Windows\Prefetch\WMPNETWK.EXE-13D172B9.pf
O45 - LFCP:[MD5.38783DBD878A70B9589AEBFF7F0B8A39] - 18-01-14 - 12:27:14 ---A- - C:\Windows\Prefetch\WMIADAP.EXE-7D63BB4C.pf
O45 - LFCP:[MD5.11D9C7B08BC2393DE0F9C61048747FC4] - 18-01-14 - 12:53:55 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-D687BE54.pf
O45 - LFCP:[MD5.0CDAE18C526B2F290CEBDE0E2A50DF72] - 19-01-14 - 17:07:12 ---A- - C:\Windows\Prefetch\WERFAULT.EXE-44194444.pf
O45 - LFCP:[MD5.2282A6668755BCDA529C30F4395C9177] - 19-01-14 - 17:22:18 ---A- - C:\Windows\Prefetch\RUNTIMEBROKER.EXE-17E2786F.pf
O45 - LFCP:[MD5.7D3DFDA4ECC5E486F1A156698B24DDA0] - 20-01-14 - 12:28:19 ---A- - C:\Windows\Prefetch\CLASSICSHELLUPDATE.EXE-AED4815B.pf
O45 - LFCP:[MD5.5165722E27D9C9D24C291FCBBB603984] - 20-01-14 - 12:28:44 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-5C94BCB3.pf
O45 - LFCP:[MD5.A31E674B45D9E41D647B842DF4A2955D] - 20-01-14 - 12:29:41 ---A- - C:\Windows\Prefetch\OPENWITH.EXE-BA0DC300.pf
O45 - LFCP:[MD5.ECCB5CA30381DFDBE8FA09D7E5B23AE9] - 20-01-14 - 13:06:55 ---A- - C:\Windows\Prefetch\SETUP_WM.EXE-5D2609E7.pf
O45 - LFCP:[MD5.A3DC2BC3BD60B6FB697A186DAB724C7C] - 20-01-14 - 13:51:58 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-4492B02F.pf
O45 - LFCP:[MD5.CE3E4A25A0A189C01C0A7495B35F0AFC] - 21-01-14 - 13:23:14 ---A- - C:\Windows\Prefetch\WERFAULT.EXE-94CE7668.pf
O45 - LFCP:[MD5.CFD017D5056A1275EFF0F0B33150428B] - 21-01-14 - 13:32:17 ---A- - C:\Windows\Prefetch\WMPLAYER.EXE-B0AD61F1.pf
O45 - LFCP:[MD5.FED19E113B56029D0FE4BBA927D4F356] - 21-01-14 - 13:35:40 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-50DEE1CF.pf
O45 - LFCP:[MD5.C8DE99CEF9156EFBDAD226F6F2DEF60A] - 21-01-14 - 13:39:44 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-EA0A52C8.pf
O45 - LFCP:[MD5.01481ACEE1DF3D4263369460740EC9BE] - 21-01-14 - 13:39:44 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-86081325.pf
O45 - LFCP:[MD5.CF551144A14EF7E2479BB4F26F9BF9E9] - 21-01-14 - 13:39:55 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-9E940D77.pf
O45 - LFCP:[MD5.150DD76CFF6D4F0809788DA889C88E14] - 21-01-14 - 13:40:34 ---A- - C:\Windows\Prefetch\DEFRAG.EXE-22AD8A37.pf
O45 - LFCP:[MD5.DF2C0A661C5A71AEF2E57DD4CF62B71C] - 21-01-14 - 13:40:35 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-5511E724.pf
O45 - LFCP:[MD5.7534FB144B7656656A8B4CE8A4925C75] - 21-01-14 - 13:59:42 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.B6EA8EB6C7B5226BC120E42DF2081FD4] - 22-01-14 - 08:49:46 ---A- - C:\Windows\Prefetch\GOOGLETOOLBARMANAGER_231F3FD1-4A43458F.pf =>Toolbar.Google
O45 - LFCP:[MD5.5A9A4CFE9C7716A1C5213A70120E6765] - 22-01-14 - 08:49:46 ---A- - C:\Windows\Prefetch\GOOGLEUPDATEONDEMAND.EXE-C0EC6A02.pf
O45 - LFCP:[MD5.E15F9FDEDF4B7C4F7A92BF4399C2082D] - 22-01-14 - 08:49:46 ---A- - C:\Windows\Prefetch\GOOGLEUPDATERSERVICE.EXE-5B31194A.pf
O45 - LFCP:[MD5.1052577387C11A1FD677E78519F6D5E6] - 22-01-14 - 08:49:51 ---A- - C:\Windows\Prefetch\GOOGLETOOLBARNOTIFIER.EXE-B25C45A8.pf =>Toolbar.Google
O45 - LFCP:[MD5.1CE2764F49EA063CF768114CFBEB7188] - 22-01-14 - 08:50:34 ---A- - C:\Windows\Prefetch\AgCx_SC2.db
O45 - LFCP:[MD5.80EC011B5CE06236555F2DAC120244EC] - 22-01-14 - 08:51:18 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-C1C2EFBE.pf
O45 - LFCP:[MD5.308A31AC4A202E9C7E9FACB5A464673C] - 22-01-14 - 09:18:56 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-3C5D03F7.pf
O45 - LFCP:[MD5.5845F4273D554B2FAFEAE05AA0B7024E] - 22-01-14 - 09:18:56 ---A- - C:\Windows\Prefetch\TASKHOSTEX.EXE-7356AAC0.pf
O45 - LFCP:[MD5.50009BD5B715843074F9CB17A5E4B9FE] - 22-01-14 - 09:18:57 ---A- - C:\Windows\Prefetch\SETTINGSYNCHOST.EXE-DD400067.pf
O45 - LFCP:[MD5.F24D65909BF77485F9A474420100F785] - 22-01-14 - 09:18:57 ---A- - C:\Windows\Prefetch\TIWORKER.EXE-375F3D59.pf
O45 - LFCP:[MD5.9647ECF673069B53C7913B563FF2447F] - 22-01-14 - 09:18:57 ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-B018CCBF.pf
O45 - LFCP:[MD5.8DF4F0627F0EFB148BA8D71946AE8061] - 22-01-14 - 09:18:59 ---A- - C:\Windows\Prefetch\MSIEXEC.EXE-7D20CFB0.pf
O45 - LFCP:[MD5.BE3C0645D466F79BC7D93510F2C01532] - 22-01-14 - 09:18:59 ---A- - C:\Windows\Prefetch\NGEN.EXE-A8DBB043.pf
O45 - LFCP:[MD5.C37D35526C7822617CF382DB2CFB9AFB] - 22-01-14 - 09:19:00 ---A- - C:\Windows\Prefetch\NGEN.EXE-383F81D5.pf
O45 - LFCP:[MD5.16DB5CAFF4FBCA2AB5164F6233AA16B6] - 22-01-14 - 09:19:02 ---A- - C:\Windows\Prefetch\NGENTASK.EXE-CD4E002C.pf
O45 - LFCP:[MD5.0BB692728A6EC58C16514377FDCB493F] - 22-01-14 - 09:19:08 ---A- - C:\Windows\Prefetch\Layout.ini
O45 - LFCP:[MD5.58A359A5C95BECE710AD1D52AF55B4E3] - 22-01-14 - 09:20:10 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-574A519D.pf
O45 - LFCP:[MD5.C588051ACB4CCF24658377700E376388] - 22-01-14 - 09:20:10 ---A- - C:\Windows\Prefetch\VSSVC.EXE-206E55B3.pf
O45 - LFCP:[MD5.33B8AD4529BB44670528126F42A0CA6A] - 22-01-14 - 09:20:38 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-985C34E6.pf
O45 - LFCP:[MD5.54164969E39DC0B55DDBD9FAC7A295AE] - 22-01-14 - 09:20:46 ---A- - C:\Windows\Prefetch\NGENTASK.EXE-4DB88ADA.pf
O45 - LFCP:[MD5.2829021D492F5513C006EB245E7A1507] - 22-01-14 - 09:23:35 ---A- - C:\Windows\Prefetch\MAKECAB.EXE-E962779E.pf
O45 - LFCP:[MD5.31B03DD2E5E50DCF0EF08FA10EB9CF15] - 22-01-14 - 10:21:08 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-05B3EDF6.pf
O45 - LFCP:[MD5.18A16AB64A5203522844E58570D5BA17] - 22-01-14 - 10:21:08 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-F2C7AEBC.pf
O45 - LFCP:[MD5.8F7AFCB75525EF5DA877D0085B383D6A] - 22-01-14 - 10:24:59 ---A- - C:\Windows\Prefetch\INSTUP.EXE-3AF05CB9.pf
O45 - LFCP:[MD5.7E4BC8B583998910906FACCE4544810F] - 22-01-14 - 10:25:26 ---A- - C:\Windows\Prefetch\AVBUGREPORT.EXE-E4EA699E.pf
O45 - LFCP:[MD5.9E9537071C5CCDA7D2B5E09C2A629C37] - 22-01-14 - 10:25:28 ---A- - C:\Windows\Prefetch\MPCMDRUN.EXE-6520183E.pf
O45 - LFCP:[MD5.1AF2E778F532F73969160DA3C309C6DA] - 22-01-14 - 11:32:33 ---A- - C:\Windows\Prefetch\LOGONUI.EXE-E35F76FB.pf
O45 - LFCP:[MD5.3F1D1D49351227FCBF47C919FA8E4E53] - 22-01-14 - 11:32:45 ---A- - C:\Windows\Prefetch\AgCx_SC1.db.trx
O45 - LFCP:[MD5.7B559C156213288DBC9AD910070FE569] - 22-01-14 - 11:32:45 ---A- - C:\Windows\Prefetch\THUMBNAILEXTRACTIONHOST.EXE-C3FB8861.pf
O45 - LFCP:[MD5.2647FC1E5B8A73789A7FED8C77FCFDEE] - 22-01-14 - 11:32:57 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-BB49B536.pf
O45 - LFCP:[MD5.59ECAB3B158FD3CD21AAB8E77CDCE152] - 22-01-14 - 11:33:00 ---A- - C:\Windows\Prefetch\GOOGLEUPDATE.EXE-62E5E10F.pf
O45 - LFCP:[MD5.5955C2266802CE1A413E3A10290D1DF2] - 22-01-14 - 11:33:00 ---A- - C:\Windows\Prefetch\WWAHOST.EXE-7761B151.pf
O45 - LFCP:[MD5.D1CF3699BA463F47123BE208139F9E83] - 22-01-14 - 11:33:03 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-6AA5D6C5.pf
O45 - LFCP:[MD5.34676D43909524EA7B6052CAA4895018] - 22-01-14 - 11:33:45 ---A- - C:\Windows\Prefetch\AgCx_SC1.db
O45 - LFCP:[MD5.5E5A6748E8198959129E453E5EBEF132] - 22-01-14 - 11:36:44 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-2766722852-1349922305-1626358630-1001.db
O45 - LFCP:[MD5.C5B1930192CBBB0A0F114DCD724E20C8] - 22-01-14 - 11:36:44 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-2766722852-1349922305-1626358630-1001.db
O45 - LFCP:[MD5.EC3806B162F3516925355E0BFE3F8BC4] - 22-01-14 - 11:39:15 ---A- - C:\Windows\Prefetch\AgRobust.db
O45 - LFCP:[MD5.76E4E6658B4E05D206B8016837FE9EDA] - 22-01-14 - 11:39:16 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db
O45 - LFCP:[MD5.B9CC16FAB53D4BEB6C45D2AD6C7F50FC] - 22-01-14 - 11:39:16 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db
O45 - LFCP:[MD5.A801F6F238C7E85CA4D527E801C44B2A] - 22-01-14 - 11:39:17 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db
O45 - LFCP:[MD5.33A60556F08815B2D61F2FF924B86207] - 22-01-14 - 11:45:14 ---A- - C:\Windows\Prefetch\GOOGLETOOLBARUSER_32.EXE-992C17DF.pf =>Toolbar.Google
O45 - LFCP:[MD5.958D0F648D1FBDE518C43A1EC0D2F8CE] - 22-01-14 - 11:50:35 ---A- - C:\Windows\Prefetch\Op-EXPLORER.EXE-03C49D11-000000F5.pf
O45 - LFCP:[MD5.A9D5D9D7ACA4EB508CA2B117527570E0] - 22-01-14 - 11:50:41 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-C7028A70.pf
O45 - LFCP:[MD5.A8AE1B1D25159001FAA9E8BBABABEBED] - 22-01-14 - 11:56:47 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-29D61DAB.pf
O45 - LFCP:[MD5.7B1352D4398531E342BDCB1A779F56E9] - 22-01-14 - 12:02:12 ---A- - C:\Windows\Prefetch\NBCORE.EXE-693B371A.pf
O45 - LFCP:[MD5.1C136FABAB0AF9A28C239A776B26D554] - 22-01-14 - 12:02:16 ---A- - C:\Windows\Prefetch\TASKENG.EXE-23205583.pf
O45 - LFCP:[MD5.2D63D9CBD4A822CE5D308A6ECD72DA0A] - 22-01-14 - 12:05:30 ---A- - C:\Windows\Prefetch\MMC.EXE-A1AA2D38.pf
O45 - LFCP:[MD5.E28D5EE4E9C3CCB2E33CCF066D5D5EC8] - 22-01-14 - 12:05:31 ---A- - C:\Windows\Prefetch\VDS.EXE-F11BF333.pf
O45 - LFCP:[MD5.999ABF0BE8A519CFA4D217304AC7B546] - 22-01-14 - 12:05:31 ---A- - C:\Windows\Prefetch\VDSLDR.EXE-35269815.pf
O45 - LFCP:[MD5.14B3B7CC4D77BB1AC9198FD97382291B] - 22-01-14 - 12:06:53 ---A- - C:\Windows\Prefetch\IEXPLORE.EXE-7A9337F2.pf
O45 - LFCP:[MD5.B3F4B2F2FBB98C19C72CBF25ABE8B944] - 22-01-14 - 12:06:53 ---A- - C:\Windows\Prefetch\IEXPLORE.EXE-F4FB5D2F.pf
O45 - LFCP:[MD5.5CEC551EAAE7278EB39E91FC63CA0EF1] - 22-01-14 - 12:06:56 ---A- - C:\Windows\Prefetch\FLASHUTIL_ACTIVEX.EXE-4E6AE223.pf
O45 - LFCP:[MD5.04497A5FDDF58947E4A6C8752EA0D3AD] - 22-01-14 - 12:07:08 ---A- - C:\Windows\Prefetch\AUDIODG.EXE-9848A323.pf
O45 - LFCP:[MD5.CEF56BD88CBF10F78DCED6247C559D35] - 22-01-14 - 12:09:42 ---A- - C:\Windows\Prefetch\CONSENT.EXE-2D674CE4.pf
O45 - LFCP:[MD5.50C3A988F97C2DE4DC5A1D191EACEADA] - 22-01-14 - 12:09:42 ---A- - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-10E4267C.pf
O45 - LFCP:[MD5.A3192D7505EC28FEC73C5BC26C955BB9] - 22-01-14 - 12:09:42 ---A- - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf
O45 - LFCP:[MD5.28D54E4895A47558B0A7508ACCFD2E2F] - 22-01-14 - 12:09:49 ---A- - C:\Windows\Prefetch\ZHPDIAG2.TMP-4E557BC2.pf
O45 - LFCP:[MD5.403E3BEE15AA866F22457188D1EE197C] - 22-01-14 - 12:09:52 ---A- - C:\Windows\Prefetch\ZHPDIAG2.EXE-E41FEE92.pf
O45 - LFCP:[MD5.8DECB7E37A2A0977B2935A838CF8D0D2] - 22-01-14 - 12:09:54 ---A- - C:\Windows\Prefetch\ZHPDIAG2.TMP-5000C22A.pf
O45 - LFCP:[MD5.BD72DE3CD94705391A7C5BF357AA1B97] - 22-01-14 - 12:10:03 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-210D3DBE.pf
O45 - LFCP:[MD5.E8F15DCC19B2F0DCABAAAC9AA8838C51] - 22-01-14 - 12:10:05 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-38926D07.pf
O45 - LFCP:[MD5.2B3C958BC53F35B76EF319E9AFA38A9A] - 22-01-14 - 12:10:24 ---A- - C:\Windows\Prefetch\ZHPHEP.EXE-5F2753B1.pf
O45 - LFCP:[MD5.0229B738585D90B2AE291A1D7B188777] - 22-01-14 - 12:10:28 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-50AF0BCC.pf
O45 - LFCP:[MD5.14DAFC005D68C13612B32415C9876885] - 22-01-14 - 12:10:34 ---A- - C:\Windows\Prefetch\ZHPDIAG.EXE-C7289479.pf
O45 - LFCP:[MD5.0EBC3AD777ABD10807F732AF7FE200DE] - 22-01-14 - 12:11:13 ---A- - C:\Windows\Prefetch\CONHOST.EXE-F98A1078.pf
O45 - LFCP:[MD5.6E657C8568F5B698662E56B8A7868E9D] - 22-01-14 - 12:11:13 ---A- - C:\Windows\Prefetch\CSCRIPT.EXE-E9FF6526.pf
O45 - LFCP:[MD5.7D78EE8CCAA57359DD72DC4C0DA19797] - 22-01-14 - 12:11:18 ---A- - C:\Windows\Prefetch\PV.EXE-D9D90B9C.pf
O45 - LFCP:[MD5.A09A27E5AF4D7322F9A0B9AC45211B6F] - 22-01-14 - 12:11:18 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-0C8A533A.pf
O45 - LFCP:[MD5.C617AA681D577BDBD07BEE55ACC98876] - 22-01-14 - 12:11:19 ---A- - C:\Windows\Prefetch\SPPSVC.EXE-7B160CA5.pf
O45 - LFCP:[MD5.F959E0F0FF3AFCDC1E7CE0F129DD8A2A] - 22-01-14 - 12:11:27 ---A- - C:\Windows\Prefetch\CMD.EXE-2EB3E6E2.pf
O45 - LFCP:[MD5.0B6D462D139658B26A8C57D1FF905887] - 22-01-14 - 12:11:28 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-5B401A7E.pf
O45 - LFCP:[MD5.8D9F53B43BB4D1861B5FDD85F7AAACE4] - 22-01-14 - 12:11:29 ---A- - C:\Windows\Prefetch\SUBINACL.EXE-D08B2113.pf
O45 - LFCP:[MD5.8D2AE54491C148C147B0EA7D1BA4CA1D] - 22-01-14 - 12:12:13 ---A- - C:\Windows\Prefetch\SCHTASKS.EXE-0AD36442.pf
O45 - LFCP:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 24-06-53 - 09:39:19 ----D - C:\Windows\Prefetch\ReadyBoot
~ Prefetcher: 175 Scanned in 00mn 01s



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Fournisseur de sécurité TLS/SSL.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Live Security Package.) -- C:\Windows\System32\livessp.dll
~ LSA: 9 Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\BasicDisplay.sys . (.Microsoft Corporation - Microsoft Basic Display Driver.) -- C:\Windows\System32\Drivers\BasicDisplay.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\BasicRender.sys . (.Microsoft Corporation - Microsoft Basic Render Driver.) -- C:\Windows\System32\Drivers\BasicRender.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dxgkrnl.sys . (.Microsoft Corporation - DirectX Graphics Kernel.) -- C:\Windows\System32\Drivers\dxgkrnl.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\FsDepends.sys . (.Microsoft Corporation - File System Dependency Manager Mini Filter Driver.) -- C:\Windows\System32\Drivers\FsDepends.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\BasicDisplay.sys . (.Microsoft Corporation - Microsoft Basic Display Driver.) -- C:\Windows\System32\Drivers\BasicDisplay.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\BasicRender.sys . (.Microsoft Corporation - Microsoft Basic Render Driver.) -- C:\Windows\System32\Drivers\BasicRender.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dxgkrnl.sys . (.Microsoft Corporation - DirectX Graphics Kernel.) -- C:\Windows\System32\Drivers\dxgkrnl.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\FsDepends.sys . (.Microsoft Corporation - File System Dependency Manager Mini Filter Driver.) -- C:\Windows\System32\Drivers\FsDepends.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (...) -- C:\Windows\System32\Drivers\rdpencdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 17 Scanned in 00mn 00s



---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ TDSD: 2 Scanned in 00mn 00s



---\\ Enumération des clés de registre SecurityProviders (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableCursorSuppression"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
O55 - MWPS:[HKLM\...\Policies\System] - "SoftwareSASGeneration"=1
O55 - MWPS:[HKLM\...\Policies\System] - "NoSecCPL"=0
~ MWPS: 20 Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
~ MWPE Keys: 3 Scanned in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.4F18D4C7EA14F11A7211F60D553C03DB] - 26-07-12 - 06:00:49 ---A- . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\Drivers\3ware.sys [106736]
O58 - SDL:[MD5.93C6388592B99925C1D1576E465BC80F] - 26-07-12 - 06:00:49 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [492272]
O58 - SDL:[MD5.D27763E0247292654E7F7D16444C7C72] - 26-07-12 - 06:00:48 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\Drivers\adpahci.sys [340720]
O58 - SDL:[MD5.67B90070FF48F794AF19F9FCF0080D75] - 26-07-12 - 06:00:49 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\Drivers\adpu320.sys [184048]
O58 - SDL:[MD5.35A0EB5AECB0FA3C41A2FB514A562304] - 26-07-12 - 06:00:49 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys [76016]
O58 - SDL:[MD5.00452671904F5EE94B50BF0219C97164] - 26-07-12 - 06:00:49 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\System32\Drivers\amdsbs.sys [258288]
O58 - SDL:[MD5.EA3FFE53E92E59C87E3ECA9BEB20D9B7] - 26-07-12 - 06:00:48 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys [26352]
O58 - SDL:[MD5.AF038FA3D3748B7595FE7096AD803696] - 29-04-13 - 14:36:13 ---A- . (.Dritek System Inc. - PS/2 KB to HID Device Driver.) -- C:\Windows\System32\Drivers\aPs2Kb2Hid.sys [26736]
O58 - SDL:[MD5.E933401B392387F4BE34DE8BAF1722A7] - 26-07-12 - 06:00:49 ---A- . (.PMC-Sierra, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\Drivers\arc.sys [104688]
O58 - SDL:[MD5.07CA323EF2E8247A568AB0F3662AD644] - 26-07-12 - 06:00:48 ---A- . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\Drivers\arcsas.sys [108272]
O58 - SDL:[MD5.D07E6D1765AEDD75E67987921BBA43AD] - 30-08-13 - 08:48:09 ---A- . (.AVAST Software - avast! Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\aswKbd.sys [22600]
O58 - SDL:[MD5.9C2BEA3957EFFD45F352F0938DFB3721] - 03-01-14 - 15:43:02 ---A- . (.AVAST Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\System32\Drivers\aswMonFlt.sys [78648]
O58 - SDL:[MD5.679712B7A353EE665B9301592164A172] - 22-11-13 - 16:18:14 ---A- . (.AVAST Software - avast! WFP Redirect Driver.) -- C:\Windows\System32\Drivers\aswRdr2.sys [92544]
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 22-11-13 - 16:18:15 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.52B5F8FAF7E78C02D26B0B6E3A05F596] - 03-01-14 - 15:43:03 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\Windows\System32\Drivers\aswSnx.sys [1034464]
O58 - SDL:[MD5.251360C2FCA22BAFE0583314B3262F98] - 03-01-14 - 15:43:02 ---A- . (.AVAST Software - avast! self protection module.) -- C:\Windows\System32\Drivers\aswSP.sys [422216]
O58 - SDL:[MD5.AAB5F5336EDBB5D99CC7E1A9F4D8F63F] - 03-01-14 - 15:43:27 ---A- . (.AVAST Software - Stream Filter.) -- C:\Windows\System32\Drivers\aswstm.sys [79672]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 03-01-14 - 15:43:03 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.F17ABC4AA1FE4989E812858261414FE5] - 01-08-12 - 11:41:34 ---A- . (.Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver.) -- C:\Windows\System32\Drivers\athw8x.sys [3618304]
O58 - SDL:[MD5.506907D2E7F3A5B67DBD39C00A788B7C] - 17-07-12 - 01:59:12 ---A- . (.Advanced Micro Devices - AMD High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\AtihdW86.sys [98472]
O58 - SDL:[MD5.5C4BB6AC06160C06DE04A3463DC8786B] - 21-08-12 - 16:36:26 ---A- . (.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\System32\Drivers\atikmdag.sys [10309120]
O58 - SDL:[MD5.E03813F54EBF5F3B5DF8AD010D883C23] - 21-08-12 - 14:28:02 ---A- . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) -- C:\Windows\System32\Drivers\atikmpag.sys [370176]
O58 - SDL:[MD5.87AB5BB072A3F128541D5B815F82FFDD] - 20-09-12 - 08:55:24 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\Drivers\bxvbda.sys [533224]
O58 - SDL:[MD5.574A90ABAF275B11994C1ADE428CA2E6] - 20-09-12 - 07:11:24 ---A- . (.Conexant Systems Inc. - 64-bit High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\CHDRT64.sys [1609376]
O58 - SDL:[MD5.5507BF71815ECF0BCF9D97924D805839] - 07-12-12 - 10:19:12 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [331664]
O58 - SDL:[MD5.5AB97B3282D7D6114949D1EB5C8598E4] - 20-09-12 - 08:55:27 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\Drivers\evbda.sys [3265256]
O58 - SDL:[MD5.64DB7A8D97CA53DCCF93D0A1E08342CF] - 26-07-12 - 06:00:52 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\System32\Drivers\HpSAMD.sys [64752]
O58 - SDL:[MD5.5E394EBD26FD68AA9300332C46BEDD62] - 26-07-12 - 06:00:52 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\Drivers\iaStorV.sys [411888]
O58 - SDL:[MD5.24847A06B84339FEEDE5CABF3D27D320] - 26-07-12 - 06:00:52 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\Drivers\iirsp.sys [45296]
O58 - SDL:[MD5.CBD16721541EE334F6D623CE0B4003BF] - 19-07-12 - 10:21:42 ---A- . (.Qualcomm Atheros Co., Ltd. - Qualcomm Atheros Ar81xx series PCI-E Gigabit Ethernet Controlle.) -- C:\Windows\System32\Drivers\L1C63x64.sys [110744]
O58 - SDL:[MD5.022CDD12161B063D7852B1075BF3FFF2] - 26-07-12 - 06:00:52 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas.sys [108784]
O58 - SDL:[MD5.07AD59D669B996F29F91817F0ECFA34F] - 26-07-12 - 06:00:52 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas2.sys [92400]
O58 - SDL:[MD5.216FB796AA4E252ACCE93B1BCB80B5EC] - 26-07-12 - 06:00:52 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_scsi.sys [116976]
O58 - SDL:[MD5.5E80530AF37102488EE980B4A92AF99F] - 26-07-12 - 06:00:52 ---A- . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sss.sys [81136]
O58 - SDL:[MD5.9B0D829C3BE4E7472DB9DD2B79908E3C] - 26-07-12 - 06:00:52 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\Drivers\megasas.sys [51952]
O58 - SDL:[MD5.ECC3F54C7AFC318271C4F0B4606D8DB0] - 26-07-12 - 06:00:52 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\Drivers\MegaSR.sys [353008]
O58 - SDL:[MD5.3A1E095277BBD406CEA8EA6B76950664] - 26-07-12 - 06:00:55 ---A- . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\Windows\System32\Drivers\mvumis.sys [64240]
O58 - SDL:[MD5.1F7D12D9D242FCD7E0190B16FE965AF2] - 29-08-12 - 13:12:40 ---A- . (.Nero AG - Nero Backup Volume Filter Driver for the Disk Stack.) -- C:\Windows\System32\Drivers\NBVol.sys [73016]
O58 - SDL:[MD5.DE8910AE4FCC410D6D6CC540CBB5BE02] - 29-08-12 - 13:08:38 ---A- . (.Nero AG - Nero Backup Volume Upper Filter Driver for the Disk Stack.) -- C:\Windows\System32\Drivers\NBVolUp.sys [16696]
O58 - SDL:[MD5.12DD2800E4EEA37DC9AE256AD62423B4] - 26-07-12 - 06:00:55 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\Drivers\nfrd960.sys [52464]
O58 - SDL:[MD5.D6D34118263412D3AAA8348A9572B7F2] - 26-07-12 - 06:00:55 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys [150256]
O58 - SDL:[MD5.27AFC428D1D32ABD04A86763A4EDDEA9] - 26-07-12 - 06:00:55 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys [168176]
O58 - SDL:[MD5.B868B9C46B11067A809987415E8A08A0] - 03-08-12 - 10:55:34 ---A- . (.Realtek Semiconductor Corp. - Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7/Win8.) -- C:\Windows\System32\Drivers\RtsPStor.sys [340112]
O58 - SDL:[MD5.A02C8EA09D5601FA0148739A95F31AEF] - 30-06-12 - 03:00:53 ---A- . (.Realtek Semiconductor Corporation - Realtek PCIE NDIS Driverr.) -- C:\Windows\System32\Drivers\rtwlane.sys [1119232]
O58 - SDL:[MD5.3EA8A16169C26AFBEB544E0E48421186] - 26-07-12 - 09:11:43 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\System32\Drivers\secdrv.sys [23040]
O58 - SDL:[MD5.2560721D6F16D5B611C36A3A9D28C1B2] - 26-07-12 - 06:00:55 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid2.sys [44784]
O58 - SDL:[MD5.3AA8FDE1DBF65BB8B88B053529554A0D] - 26-07-12 - 06:00:56 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid4.sys [81648]
O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26-07-12 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:[MD5.37589D9EA791EEF283A14179B2370A87] - 16-10-13 - 02:44:40 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
O58 - SDL:[MD5.4875DC63E548812C75D4FDEF84970C89] - 18-06-12 - 11:07:50 ---A- . (.Advanced Micro Devices - AMD USB Filter Driver.) -- C:\Windows\System32\Drivers\usbfilter.sys [57000]
O58 - SDL:[MD5.F5B4A14B00E89250C50982AC762DDD1D] - 26-07-12 - 06:00:58 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\viaide.sys [19184]
O58 - SDL:[MD5.38A60CD9C009C55C6D3B5586F8E6A353] - 26-07-12 - 06:00:58 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\Drivers\vsmraid.sys [164080]
O58 - SDL:[MD5.A0F6FE0FC2F647C22BBFD6BD4249DBCC] - 26-07-12 - 06:00:58 ---A- . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\Windows\System32\Drivers\VSTXRAID.SYS [322800]
~ Drivers: 20 Scanned in 00mn 07s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 19-01-14 - 12:12:53 ---A- . (...) -- C:\Users\Epcs\AppData\Local\CrashDumps\LiveComm.exe.3816.dmp [2138840]
O61 - LFC: 19-01-14 - 12:12:53 ---A- . (...) -- C:\Users\Epcs\AppData\Local\CrashDumps\rundll32.exe.2620.dmp [2691201]
O61 - LFC: 19-01-14 - 12:12:53 ---A- . (...) -- C:\Users\Epcs\AppData\Local\CrashDumps\rundll32.exe.6072.dmp [2691489]
O61 - LFC: 20-01-14 - 12:13:00 ---A- . (...) -- C:\Users\Epcs\AppData\Local\Google\Toolbar Cache\7.5.4805.320\fr\translate_element.js.content [2385]
O61 - LFC: 20-01-14 - 12:13:20 ---A- . (...) -- C:\Users\Epcs\Music\Playlists\musique.wpl [256]
O61 - LFC: 20-01-14 - 12:13:20 -SHA- . (...) -- C:\Users\Epcs\Pictures\2013-06-15 anniversaire poto 2013\Thumbs.db [115200]
O61 - LFC: 20-01-14 - 12:13:20 -SHA- . (...) -- C:\Users\Epcs\Pictures\2013-10-26\Thumbs.db [40960]
O61 - LFC: 20-01-14 - 12:13:20 -SHA- . (...) -- C:\Users\Epcs\Pictures\2013-12-17\Thumbs.db [25600]
O61 - LFC: 20-01-14 - 12:13:20 -SHA- . (...) -- C:\Users\Epcs\Pictures\a envoyer\Thumbs.db [33280]
O61 - LFC: 21-01-14 - 12:12:53 ---A- . (...) -- C:\Users\Epcs\AppData\Local\CrashDumps\rundll32.exe.3736.dmp [2690017]
O61 - LFC: 21-01-14 - 12:12:53 ---A- . (...) -- C:\Users\Epcs\AppData\Local\CrashDumps\rundll32.exe.6384.dmp [2690161]
O61 - LFC: 21-01-14 - 12:13:00 ---A- . (...) -- C:\Users\Epcs\AppData\Local\Google\Toolbar Cache\7.5.4805.320\fr\translate_languages.json.content [2033]
O61 - LFC: 21-01-14 - 12:13:00 ---A- . (...) -- C:\Users\Epcs\AppData\Local\Google\Toolbar Cache\7.5.4805.320\profile_picture_8L2Q4CCK1VXUD114IFJ5.png.content [930]
O61 - LFC: 21-01-14 - 12:13:13 ---A- . (...) -- C:\Users\Epcs\AppData\Local\Packages\7digitalLtd.7digitalMusicStore_qv1vc61z2t2b4\Settings\settings.dat [8192]
O61 - LFC: 21-01-14 - 12:13:15 ---A- . (...) -- C:\Users\Epcs\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\Settings\settings.dat [8192]
O61 - LFC: 21-01-14 - 12:13:15 ---A- . (...) -- C:\Users\Epcs\AppData\Local\Packages\AcerIncorporated.PackardBellExplorer_48frkmn4z8aw4\Settings\settings.dat [8192] =>.Acer Inc
O61 - LFC: 21-01-14 - 12:13:15 ---A- . (...) -- C:\Users\Epcs\AppData\Local\Packages\CyberLinkCorp.ac.SocialNetworks_ypz87dpxkv292\Settings\settings.dat [8192] =>.CyberLink Corp
O61 - LFC: 21-01-14 - 12:13:15 ---A- . (...) -- C:\Users\Epcs\AppData\Local\Packages\CyberLinkCorp.ac.VideoWebCamera_ypz87dpxkv292\Settings\settings.dat [8192] =>.CyberLink Corp
O61 - LFC: 21-01-14 - 12:13:15 ---A- . (...) -- C:\Users\Epcs\AppData\Local\Packages\GAMELOFTSA.SharkDash_0pp20fcewvvtj\Settings\settings.dat [8192]
O61 - LFC: 21-01-14 - 12:13:15 ---A- . (...) -- C:\Users\Epcs\AppData\Local\Packages\MAGIX.MusicMakerJam_a2t3txkz9j1jw\Settings\settings.dat [262144] =>.MAGIX AG
O61 - LFC: 21-01-14 - 12:13:15 ---A- . (...) -- C:\Users\Epcs\AppData\Local\Packages\eBayInc.eBay_1618n3s9xq8tw\Settings\settings.dat [8192] =>Toolbar.eBay
O61 - LFC: 21-01-14 - 12:13:15 ---A- . (...) -- C:\Users\Epcs\AppData\Local\Packages\esobiIncorporated.newsXpressoMetro_sngswjb5h6fyg\Settings\settings.dat [8192]
O61 - LFC: 21-01-14 - 12:13:16 ---A- . (...) -- C:\Users\Epcs\AppData\Local\Packages\TuneIn.TuneInRadio_6bhtb546zcxnj\Settings\settings.dat [8192]
O61 - LFC: 21-01-14 - 12:13:16 ---A- . (...) -- C:\Users\Epcs\AppData\Local\Packages\WildTangentGames.-GamesApp-_qt5r5pa5dyg8m\Settings\settings.dat [8192] =>.WildTangent Games
O61 - LFC: 21-01-14 - 12:13:17 ---A- . (...) -- C:\Users\Epcs\AppData\Local\Packages\ZeptoLabUKLimited.CutTheRope_sq9zxnwrk84pj\Settings\settings.dat [8192]
O61 - LFC: 21-01-14 - 12:13:17 ---A- . (...) -- C:\Users\Epcs\AppData\Local\Packages\ZinioLLC.Zinio_0q6dqzpp40p2e\Settings\settings.dat [8192] =>.Zinio LLC
O61 - LFC: 21-01-14 - 12:13:17 ---A- . (...) -- C:\Users\Epcs\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat [8192]
O61 - LFC: 21-01-14 - 12:13:18 ---A- . (...) -- C:\Users\Epcs\AppData\Roaming\Nero\Nero 12\Nero BackItUp\Cache\MergeLog.txt [1808]
O61 - LFC: 21-01-14 - 12:13:18 ---A- . (...) -- C:\Users\Epcs\AppData\Roaming\Nero\Nero 12\Nero BackItUp\Files\20140121_131516_Nero LIVEBackup.nbi [8340]
O61 - LFC: 21-01-14 - 12:13:18 ---A- . (...) -- C:\Users\Epcs\AppData\Roaming\uTorrent\updates.dat [267] =>P2P.µTorrent
O61 - LFC: 21-01-14 - 12:13:20 ---A- . (...) -- C:\Users\Epcs\Music\Playlists\Sélection sans titre.wpl [473]
O61 - LFC: 22-01-14 - 12:13:16 ---A- . (...) -- C:\Users\Epcs\AppData\Local\Packages\WeatherBug.a.WeatherBug.a_78zd3kp756dy4\Settings\settings.dat [8192]
O61 - LFC: 22-01-14 - 12:13:17 ---A- . (...) -- C:\Users\Epcs\AppData\Local\Temp\Epcs.bmp [31832]
O61 - LFC: 22-01-14 - 12:13:17 -SHA- . (...) -- C:\Users\Epcs\AppData\Local\Temp\Thumbs.db [8704]
O61 - LFC: 22-01-14 - 12:13:18 ---A- . (...) -- C:\Users\Epcs\AppData\Roaming\Microsoft\Spelling\fr-BE\default.acl [2]
O61 - LFC: 22-01-14 - 12:13:18 ---A- . (...) -- C:\Users\Epcs\AppData\Roaming\Microsoft\Spelling\fr-BE\default.dic [2]
O61 - LFC: 22-01-14 - 12:13:18 ---A- . (...) -- C:\Users\Epcs\AppData\Roaming\Microsoft\Spelling\fr-BE\default.exc [2]
O61 - LFC: 22-01-14 - 12:13:18 ---A- . (...) -- C:\Users\Epcs\AppData\Roaming\Nero\Nero 12\Nero BackItUp\Cache\NeroBackItUp.txt [569414]
O61 - LFC: 22-01-14 - 12:13:18 ---A- . (...) -- C:\Users\Epcs\AppData\Roaming\Nero\Nero 12\Nero BackItUp\Files\Epcs Nero LIVEBackup Merge.nji [5445]
O61 - LFC: 22-01-14 - 12:13:18 ---A- . (...) -- C:\Users\Epcs\AppData\Roaming\Nero\Nero 12\Nero BackItUp\Files\Epcs Nero LIVEBackup.nji [9234]
O61 - LFC: 22-01-14 - 12:13:18 ---A- . (...) -- C:\Users\Epcs\AppData\Roaming\ZHP\Log.txt [20286] =>.Nicolas Coolman
O61 - LFC: 22-01-14 - 12:13:18 ---A- . (...) -- C:\Users\Epcs\AppData\Roaming\ZHP\TestsZHPDiag.txt [2797] =>.Nicolas Coolman
O61 - LFC: 22-01-14 - 12:13:18 ---A- . (...) -- C:\Users\Epcs\AppData\Roaming\uTorrent\dht_feed.dat [2] =>P2P.µTorrent
O61 - LFC: 22-01-14 - 12:13:18 ---A- . (...) -- C:\Users\Epcs\AppData\Roaming\uTorrent\dht_feed.dat.old [2] =>P2P.µTorrent
O61 - LFC: 22-01-14 - 12:13:18 ---A- . (...) -- C:\Users\Epcs\AppData\Roaming\uTorrent\resume.dat [99] =>P2P.µTorrent
O61 - LFC: 22-01-14 - 12:13:18 ---A- . (...) -- C:\Users\Epcs\AppData\Roaming\uTorrent\resume.dat.old [99] =>P2P.µTorrent
O61 - LFC: 22-01-14 - 12:13:18 ---A- . (...) -- C:\Users\Epcs\AppData\Roaming\uTorrent\settings.dat [68568] =>P2P.µTorrent
O61 - LFC: 22-01-14 - 12:13:18 ---A- . (...) -- C:\Users\Epcs\AppData\Roaming\uTorrent\settings.dat.old [68568] =>P2P.µTorrent
O61 - LFC: 22-01-14 - 12:13:19 ---A- . (.Nicolas Coolman.) -- C:\Users\Epcs\Downloads\ZHPDiag2.exe [6864616] =>.Nicolas Coolman
~ 2 Fichiers temporaires (Temporary files)
~ Files: 49 Scanned in 00mn 29s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S
~ FASS Keys: 10 Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Conduit Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www1.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} - (SecureSearch) - http://securedsearch2.lavasoft.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} - (Ask Web Search) - http://search.tb.ask.com
~ Keys: Scanned in 00mn 00s



---\\ Enumère les service demarrés par Svchost (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\System32\aelupsvc.dll [190976]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [149504]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [149504]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\System32\srvsvc.dll [309248]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\System32\gpsvc.dll [1366016]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\System32\ikeext.dll [1160192]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\System32\rasauto.dll [99840]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire des connexions d’accès à distance.) -- C:\Windows\System32\rasmans.dll [358400]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\System32\mprdim.dll [107520]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\System32\sens.dll [62976]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l’application d’assistance à Microsoft NAT.) -- C:\Windows\System32\ipnathlp.dll [438784]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows(TM).) -- C:\Windows\System32\tapisrv.dll [305664]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\System32\wuaueng.dll [3279872]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\System32\qmgr.dll [826368]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\System32\shsvcs.dll [565760]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\System32\iphlpsvc.dll [894464]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d’ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [30720]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\System32\appinfo.dll [70144]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\System32\iscsiexe.dll [151552]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\System32\eapsvc.dll [105472]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\System32\schedsvc.dll [1285632]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [219648]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\System32\mmcss.dll [80896]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) -- C:\Windows\System32\browser.dll [134144]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [209920]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\Windows\System32\sessenv.dll [291328]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\System32\wercplsupport.dll [84992]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\System32\kmsvc.dll [97792]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\Windows\System32\bdesvc.dll [190976]
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Service de compte Microsoft®.) -- C:\Windows\System32\wlidsvc.dll [1964544]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\Windows\System32\themeservice.dll [47104]
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Gestionnaire d’installation de périphérique.) -- C:\Windows\System32\DeviceSetupManager.dll [207872]
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Service Assistant Connectivité réseau Microsoft.) -- C:\Windows\System32\ncasvc.dll [161792]
O83 - Search Svchost Services: SystemEventsBroker (SystemEventsBroker) . (.Microsoft Corporation - Service Broker pour les événements système.) -- C:\Windows\System32\SystemEventsBrokerServer.dll [180224]

~ Services: 34 Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.307771C61D8DB417E1A89A25BF3E3F43] [SPRF][02-01-14] (.BitTorrent Inc. - µTorrent.) -- C:\Users\Epcs\Desktop\utorrent-1-.exe [1142864] =>P2P.BitTorrent
~ Files: 1 Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "vm-monitoring-rpc" | In - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "vm-monitoring-dcom" | In - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WMP-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMP-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMP-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "SNMPTRAP-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Interruption SNMP.) -- C:\Windows\system32\snmptrap.exe
O87 - FAEL: "SNMPTRAP-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Interruption SNMP.) -- C:\Windows\system32\snmptrap.exe
O87 - FAEL: "Wininit-Shutdown-In-Rule-TCP-RPC" | In - None - P6 - FALSE | .(.Microsoft Corporation - Application de démarrage de Windows.) -- C:\Windows\system32\wininit.exe
O87 - FAEL: "Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper" | In - None - P6 - FALSE | .(.Microsoft Corporation - Application de démarrage de Windows.) -- C:\Windows\system32\wininit.exe
O87 - FAEL: "PNRPMNRS-PNRP-In-UDP" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "PNRPMNRS-PNRP-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "PNRPMNRS-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "PNRPMNRS-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteFwAdmin-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteFwAdmin-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteFwAdmin-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteFwAdmin-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "Netlogon-TCP-RPC-In" | In - None - P6 - FALSE | .(.Microsoft Corporation - Local Security Authority Process.) -- C:\Windows\System32\lsass.exe
O87 - FAEL: "WMI-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WMI-WINMGMT-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WMI-WINMGMT-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WMI-ASYNC-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) -- C:\Windows\system32\wbem\unsecapp.exe
O87 - FAEL: "WMI-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WMI-WINMGMT-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WMI-WINMGMT-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WMI-ASYNC-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) -- C:\Windows\system32\wbem\unsecapp.exe
O87 - FAEL: "MsiScsi-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "MsiScsi-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "MsiScsi-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "MsiScsi-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "ProximityUxHost-Sharing-In-TCP-NoScope" | In - None - P6 - TRUE | .(.Microsoft Corporation - Hôte UX de proximité.) -- C:\Windows\system32\proximityuxhost.exe
O87 - FAEL: "ProximityUxHost-Sharing-Out-TCP-NoScope" | Out - None - P6 - TRUE | .(.Microsoft Corporation - Hôte UX de proximité.) -- C:\Windows\system32\proximityuxhost.exe
O87 - FAEL: "FPS-SpoolSvc-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "FPS-SpoolSvc-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "FPS-LLMNR-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "FPS-LLMNR-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-UPnPHost-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-WSDEVNTS-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-WSDEVNT-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-SSDPSrv-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-SSDPSrv-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-UPnPHost-Out-TCP-Active" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-UPnP-Out-TCP-Active" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-FDPHOST-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-DAS-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Device Association Framework Provider Host.) -- C:\Windows\system32\dashost.exe
O87 - FAEL: "NETDIS-FDPHOST-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-LLMNR-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-LLMNR-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-FDRESPUB-WSD-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-FDRESPUB-WSD-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-WSDEVNTS-Out-TCP-Active" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-WSDEVNT-Out-TCP-Active" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-SSDPSrv-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-SSDPSrv-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-UPnP-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-UPnPHost-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-FDPHOST-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-DAS-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Device Association Framework Provider Host.) -- C:\Windows\system32\dashost.exe
O87 - FAEL: "NETDIS-FDPHOST-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-LLMNR-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-LLMNR-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-FDRESPUB-WSD-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-FDRESPUB-WSD-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-WSDEVNTS-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NETDIS-WSDEVNT-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteAssistance-In-TCP-EdgeScope" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Assistance à distance Windows.) -- C:\Windows\system32\msra.exe
O87 - FAEL: "RemoteAssistance-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Assistance à distance Windows.) -- C:\Windows\system32\msra.exe
O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-In-EdgeScope" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-OUT" | Out - Public - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteAssistance-RAServer-In-TCP-NoScope-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Serveur COM d’assistance à distance Windows.) -- C:\Windows\system32\raserver.exe
O87 - FAEL: "RemoteAssistance-RAServer-Out-TCP-NoScope-Active" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Serveur COM d’assistance à distance Windows.) -- C:\Windows\system32\raserver.exe
O87 - FAEL: "RemoteAssistance-DCOM-In-TCP-NoScope-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteAssistance-In-TCP-EdgeScope-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Assistance à distance Windows.) -- C:\Windows\system32\msra.exe
O87 - FAEL: "RemoteAssistance-Out-TCP-Active" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Assistance à distance Windows.) -- C:\Windows\system32\msra.exe
O87 - FAEL: "RemoteAssistance-SSDPSrv-In-UDP-Active" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteAssistance-SSDPSrv-Out-UDP-Active" | Out - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-OUT-Active" | Out - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "MSDTC-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Service Microsoft Distributed Transaction Coordinator.) -- C:\Windows\system32\msdtc.exe
O87 - FAEL: "MSDTC-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Service Microsoft Distributed Transaction Coordinator.) -- C:\Windows\system32\msdtc.exe
O87 - FAEL: "MSDTC-KTMRM-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "MSDTC-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "MSDTC-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Service Microsoft Distributed Transaction Coordinator.) -- C:\Windows\system32\msdtc.exe
O87 - FAEL: "MSDTC-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Service Microsoft Distributed Transaction Coordinator.) -- C:\Windows\system32\msdtc.exe
O87 - FAEL: "MSDTC-KTMRM-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "MSDTC-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-QWave-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-QWave-Out-UDP-NoScope" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-QWave-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-QWave-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-WMP-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-WMP-Out-UDP-NoScope" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-WMP-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-In-UDP-NoScope" |In - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-Out-UDP-NoScope" |Out - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-QWave-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-QWave-Out-UDP" | Out - Public - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-QWave-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-QWave-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-SSDPSrv-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-SSDPSrv-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-WMP-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-WMP-Out-UDP" | Out - Public - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-WMP-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-In-UDP" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-Out-UDP" |Out - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-UPnP-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteEventLogSvc-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteEventLogSvc-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteEventLogSvc-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteEventLogSvc-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "PlayTo-In-UDP-NoScope" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Serveur Lire sur.) -- C:\Windows\system32\mdeserver.exe
O87 - FAEL: "PlayTo-In-UDP-LocalSubnetScope" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Serveur Lire sur.) -- C:\Windows\system32\mdeserver.exe
O87 - FAEL: "PlayTo-In-UDP-PlayToScope" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Serveur Lire sur.) -- C:\Windows\system32\mdeserver.exe
O87 - FAEL: "PlayTo-Out-UDP-NoScope" | Out - Domain - P17 - TRUE | .(.Microsoft Corporation - Serveur Lire sur.) -- C:\Windows\system32\mdeserver.exe
O87 - FAEL: "PlayTo-Out-UDP-LocalSubnetScope" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Serveur Lire sur.) -- C:\Windows\system32\mdeserver.exe
O87 - FAEL: "PlayTo-Out-UDP-PlayToScope" | Out - Public - P17 - TRUE | .(.Microsoft Corporation - Serveur Lire sur.) -- C:\Windows\system32\mdeserver.exe
O87 - FAEL: "PlayTo-In-RTSP-NoScope" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Serveur Lire sur.) -- C:\Windows\system32\mdeserver.exe
O87 - FAEL: "PlayTo-In-RTSP-LocalSubnetScope" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Serveur Lire sur.) -- C:\Windows\system32\mdeserver.exe
O87 - FAEL: "PlayTo-In-RTSP-PlayToScope" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Serveur Lire sur.) -- C:\Windows\system32\mdeserver.exe
O87 - FAEL: "PlayTo-SSDP-Discovery-PlayToScope" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "PlayTo-QWave-In-UDP-PlayToScope" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "PlayTo-QWave-Out-UDP-PlayToScope" | Out - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "PlayTo-QWave-In-TCP-PlayToScope" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "PlayTo-QWave-Out-TCP-PlayToScope" | Out - Public - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "TPMVSCMGR-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "TPMVSCMGR-Server-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - TPM Virtual Smart Card Manager DCOM Server.) -- C:\Windows\system32\RmtTpmVscMgrSvr.exe
O87 - FAEL: "TPMVSCMGR-Server-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - TPM Virtual Smart Card Manager DCOM Server.) -- C:\Windows\system32\RmtTpmVscMgrSvr.exe
O87 - FAEL: "TPMVSCMGR-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "TPMVSCMGR-Server-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - TPM Virtual Smart Card Manager DCOM Server.) -- C:\Windows\system32\RmtTpmVscMgrSvr.exe
O87 - FAEL: "TPMVSCMGR-Server-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - TPM Virtual Smart Card Manager DCOM Server.) -- C:\Windows\system32\RmtTpmVscMgrSvr.exe
O87 - FAEL: "Collab-P2PHost-In-TCP" |In - None - P6 - TRUE | .(...) -- C:\Windows\system32\p2phost.exe (.not file.)
O87 - FAEL: "Collab-P2PHost-Out-TCP" |Out - None - P6 - FALSE | .(...) -- C:\Windows\system32\p2phost.exe (.not file.)
O87 - FAEL: "Collab-P2PHost-WSD-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\system32\p2phost.exe (.not file.)
O87 - FAEL: "Collab-P2PHost-WSD-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\system32\p2phost.exe (.not file.)
O87 - FAEL: "Collab-PNRP-In-UDP" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "Collab-PNRP-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "Collab-PNRP-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "Collab-PNRP-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteSvcAdmin-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\Windows\system32\services.exe
O87 - FAEL: "RemoteSvcAdmin-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteSvcAdmin-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\Windows\system32\services.exe
O87 - FAEL: "RemoteSvcAdmin-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "PerfLogsAlerts-PLASrv-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Performance Logs and Alerts DCOM Server.) -- C:\Windows\system32\plasrv.exe
O87 - FAEL: "PerfLogsAlerts-DCOM-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "PerfLogsAlerts-PLASrv-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Performance Logs and Alerts DCOM Server.) -- C:\Windows\system32\plasrv.exe
O87 - FAEL: "PerfLogsAlerts-DCOM-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "CoreNet-DHCP-In" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "CoreNet-DHCP-Out" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "CoreNet-DHCPV6-In" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "CoreNet-DHCPV6-Out" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "CoreNet-Teredo-In" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "CoreNet-Teredo-Out" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "CoreNet-IPHTTPS-Out" | Out - None - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "CoreNet-GP-Out-TCP" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "CoreNet-DNS-Out-UDP" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "CoreNet-GP-LSASS-Out-TCP" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Local Security Authority Process.) -- C:\Windows\system32\lsass.exe
O87 - FAEL: "RVM-VDS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Service de disque virtuel.) -- C:\Windows\system32\vds.exe
O87 - FAEL: "RVM-VDSLDR-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Virtual Disk Service Loader.) -- C:\Windows\system32\vdsldr.exe
O87 - FAEL: "RVM-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RVM-VDS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Service de disque virtuel.) -- C:\Windows\system32\vds.exe
O87 - FAEL: "RVM-VDSLDR-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Virtual Disk Service Loader.) -- C:\Windows\system32\vdsldr.exe
O87 - FAEL: "RVM-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteTask-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteTask-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteTask-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "RemoteTask-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "MCX-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "MCX-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "MCX-In-TCP" |In - None - P6 - FALSE | .(...) -- C:\Windows\ehome\ehshell.exe (.not file.)
O87 - FAEL: "MCX-Out-TCP" |Out - None - P6 - FALSE | .(...) -- C:\Windows\ehome\ehshell.exe (.not file.)
O87 - FAEL: "MCX-QWave-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "MCX-QWave-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "MCX-QWave-In-TCP" | In - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "MCX-QWave-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "MCX-TERMSRV-In-TCP" | In - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "MCX-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\ehome\ehshell.exe (.not file.)
O87 - FAEL: "MCX-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\ehome\ehshell.exe (.not file.)
O87 - FAEL: "MCX-MCX2SVC-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "MCX-Prov-Out-TCP" |Out - None - P6 - FALSE | .(...) -- C:\Windows\ehome\mcx2prov.exe (.not file.)
O87 - FAEL: "MCX-PlayTo-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "MCX-McrMgr-Out-TCP" |Out - None - P6 - FALSE | .(...) -- C:\Windows\ehome\mcrmgr.exe (.not file.)
O87 - FAEL: "MCX-PlayTo-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "MCX-FDPHost-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WPDMTP-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes.) -- C:\Windows\system32\wudfhost.exe
O87 - FAEL: "WPDMTP-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes.) -- C:\Windows\system32\wudfhost.exe
O87 - FAEL: "WPDMTP-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WPDMTP-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WPDMTP-UPnPHost-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "WPDMTP-UPnP-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "NetPres-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "{E139CD08-7ABA-4D5E-BDEF-96E537637904}" | In - Public - P6 - TRUE | .(.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
O87 - FAEL: "{FF8EB679-9783-463B-835E-BFFD9A8D6F6C}" | In - Public - P17 - TRUE | .(.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
O87 - FAEL: "{06D8C904-F040-4288-9CB5-77B5C107EAAD}" | In - Public - P6 - TRUE | .(.Spotify Ltd - Spotify.) -- C:\Program Files (x86)\Spotify\spotify.exe
O87 - FAEL: "{648713CF-7490-4943-8928-40D452A2D406}" | In - Public - P17 - TRUE | .(.Spotify Ltd - Spotify.) -- C:\Program Files (x86)\Spotify\spotify.exe
O87 - FAEL: "{F9CE44B2-E001-4A52-B7B2-AA5DCC12B9A4}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
O87 - FAEL: "{C776F03B-1D28-4619-BF12-25C2E93DE0F1}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
O87 - FAEL: "{5CF23805-4CA9-48B2-A543-46C2B62ACC92}" | In - None - P17 - TRUE | .(.CyberLink Corp. - PowerDVD 12.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
O87 - FAEL: "{D2B5201C-AF6E-426A-8A45-750B0B92693A}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (.not file.)
O87 - FAEL: "{806DAAC8-8BA7-4C65-BED2-A260891FE0BB}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (.not file.)
O87 - FAEL: "{CB646E01-DE18-4014-894E-8EA8FAD20B7D}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (.not file.)
O87 - FAEL: "{15264922-5A38-4121-9189-A3E3184212EE}" | In - None - P17 - TRUE | .(.CyberLink Corp. - PowerDVD 12.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
O87 - FAEL: "{45C63F4A-1976-42D5-AE66-AA3D09C8EB78}" | In - None - P17 - TRUE | .(.CyberLink Corp. - PowerDVD 12.0.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
O87 - FAEL: "{3B632DD0-1EA6-498D-8623-79DF7C54DC94}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\ultravnc\winvnc.exe (.not file.)
O87 - FAEL: "{4CF14666-1E59-4D57-B31E-19B659E09CC7}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\ultravnc\winvnc.exe (.not file.)
O87 - FAEL: "{133FD3C1-1234-4979-BA83-EF4F5CE6245E}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Supertec\iConsole.exe (.not file.)
O87 - FAEL: "{2145F6BE-8845-4ACF-B559-CE7F9A124DC1}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Supertec\iConsole.exe (.not file.)
O87 - FAEL: "{686A3762-6C85-488E-8C3F-97AE994AF900}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Supertec\iScreen\iScreenMonitor.exe (.not file.)
O87 - FAEL: "{7A643362-88CB-41C0-80A5-C29A659F8BDD}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Supertec\iScreen\iScreenMonitor.exe (.not file.)
O87 - FAEL: "{4C8903E3-EF89-4938-A01B-2D82A9C22240}" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\supertec\vc\vidireports.exe (.not file.)
O87 - FAEL: "{6DC6E2F7-C39A-46C6-A95F-698F78916D00}" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\supertec\vc\vidireports.exe (.not file.)
O87 - FAEL: "{9BDC7274-18D7-435F-A31A-67C884E6E8E2}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\ultravnc\vncviewer.exe (.not file.)
O87 - FAEL: "{36EBA515-718B-47DF-8FAC-BC61DC7797FA}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\ultravnc\vncviewer.exe (.not file.)
O87 - FAEL: "{A9D45421-AF25-4605-B918-3EB46FBD9858}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\ultravnc\winvnc.exe (.not file.)
O87 - FAEL: "{6159C474-7F78-4C23-A883-4B32B6CFC62A}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\ultravnc\winvnc.exe (.not file.)
O87 - FAEL: "{22D1F712-0041-4A15-85C4-1F782C44982A}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\ultravnc\vncviewer.exe (.not file.)
O87 - FAEL: "{8F7A369B-314D-45D3-B776-45BD7ACA70FE}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\ultravnc\vncviewer.exe (.not file.)
O87 - FAEL: "TCP Query User{B39DA17F-7FB9-4A15-97D9-B5A3B2336480}C:\program files (x86)\supertec\vc\vidireports.exe" |In - Domain - P6 - TRUE | .(...) -- C:\program files (x86)\supertec\vc\vidireports.exe (.not file.)
O87 - FAEL: "UDP Query User{51F69C04-F6B6-4EBF-8EC3-7D3537666B4B}C:\program files (x86)\supertec\vc\vidireports.exe" |In - Domain - P17 - TRUE | .(...) -- C:\program files (x86)\supertec\vc\vidireports.exe (.not file.)
O87 - FAEL: "TCP Query User{04A7735C-45CA-4B3E-9CF1-EFC232F7ADD5}C:\program files (x86)\supertec\vc\vidireports.exe" |In - Domain - P6 - TRUE | .(...) -- C:\program files (x86)\supertec\vc\vidireports.exe (.not file.)
O87 - FAEL: "UDP Query User{B04C310F-3F4A-44EF-AAFB-69E79C751AF9}C:\program files (x86)\supertec\vc\vidireports.exe" |In - Domain - P17 - TRUE | .(...) -- C:\program files (x86)\supertec\vc\vidireports.exe (.not file.)
O87 - FAEL: "TCP Query User{8195EE2A-B586-41AC-8997-8344FC83D67B}C:\program files (x86)\supertec\vc\vidireports.exe" |In - Domain - P6 - TRUE | .(...) -- C:\program files (x86)\supertec\vc\vidireports.exe (.not file.)
O87 - FAEL: "UDP Query User{3DE41A37-E3AB-48A2-8891-0575347F50BB}C:\program files (x86)\supertec\vc\vidireports.exe" |In - Domain - P17 - TRUE | .(...) -- C:\program files (x86)\supertec\vc\vidireports.exe (.not file.)
O87 - FAEL: "TCP Query User{71C5D303-47AE-45E5-A00D-4B32B529A997}C:\program files (x86)\supertec\iscreen\iscreenmonitor.exe" |In - Domain - P6 - TRUE | .(...) -- C:\program files (x86)\supertec\iscreen\iscreenmonitor.exe (.not file.)
O87 - FAEL: "UDP Query User{96769C63-3B15-4FE6-B191-BAE4E994A749}C:\program files (x86)\supertec\iscreen\iscreenmonitor.exe" |In - Domain - P17 - TRUE | .(...) -- C:\program files (x86)\supertec\iscreen\iscreenmonitor.exe (.not file.)
O87 - FAEL: "TCP Query User{6E923DC4-5EFA-4678-A816-CA32525AB669}C:\program files (x86)\supertec\iconsole.exe" |In - Domain - P6 - TRUE | .(...) -- C:\program files (x86)\supertec\iconsole.exe (.not file.)
O87 - FAEL: "UDP Query User{37F0D3B2-A504-4948-90A9-7E24C9DFE5F7}C:\program files (x86)\supertec\iconsole.exe" |In - Domain - P17 - TRUE | .(...) -- C:\program files (x86)\supertec\iconsole.exe (.not file.)
O87 - FAEL: "{84A3762D-A5CD-488E-B4BD-94748F075EEC}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "{B6DD4762-ACA2-4031-B266-8A8C68A48DF3}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "{953DDE29-2909-4403-9261-A0291F9EBAD3}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "{785BF5F1-CB7E-4686-BA00-056B7D7938FF}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "{A3E259E4-EEA0-4B0F-9E5D-0673BC7CD454}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "{B6DA3AD9-D92C-4DFE-9E87-9CF650E5EF11}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "{77789579-4E12-4BC6-9301-2031E8F0067C}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "{A2A8FFA4-1704-429C-8178-9A6617603305}" |Out - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "{0C7CC9D0-9334-425D-BE64-1AB28702C5D8}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "{0196547C-29A1-4B4D-9AF2-155D86C25324}" |Out - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "{F3F97AEA-828C-47A2-A66E-4D8A878CF1A5}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "{6739E3C7-FEC7-4B9C-8F83-A86093A93BA2}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "{908AFFB8-335F-43E7-B2D3-C0CDCBEAE40F}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "{F2B2530A-D947-43CF-AFB8-F1C4D201F26C}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "{F054CD55-7FE3-4D44-8443-A6AB2ACBBEE6}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "{89937826-7B5A-479C-B555-2480ADB4D65D}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "{7AC1A641-84F0-4572-A817-C0DB792E2B94}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "{3EA60409-C259-4D05-B7F6-75A703A4D56D}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "{573F50A4-3A52-4FBA-A76E-18D23E7CF295}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "{448844E5-B33E-412A-B8F2-4778C7BE25DB}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe =>.Microsoft Corporation
O87 - FAEL: "{82EFFECC-F37D-4C82-863D-7370601A7AB9}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\ultravnc\winvnc.exe (.not file.)
O87 - FAEL: "{12302644-1C7C-4226-8636-5657FF42B55E}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\ultravnc\winvnc.exe (.not file.)
O87 - FAEL: "{0DD4A84E-1139-4EF2-819A-5AB6B91628D9}" | In - Private - P6 - TRUE | .(.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
O87 - FAEL: "{D3E41F04-C648-4653-A837-DD1BDA6EFC00}" | In - Private - P17 - TRUE | .(.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
O87 - FAEL: "{FC2BA082-6619-43CA-9539-561EC627EAB3}" | In - None - P17 - TRUE | .(.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Epcs\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe =>.Microsoft Corporation
O87 - FAEL: "{08FA072C-9710-4CE9-BCC0-3DD416FA16D3}" | In - None - P17 - TRUE | .(.Microsoft Corporation - Windows Live Communications Platform.) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
O87 - FAEL: "{4D686372-FEEF-4A2C-85C2-9C66F4DA2223}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)
O87 - FAEL: "{EF0BAC8C-6810-414F-BCDA-9D64FC0F2ADB}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
O87 - FAEL: "TCP Query User{70607123-1FCD-4804-9BAE-F6C7DF70A76E}C:\program files (x86)\torntv.com\torntv downloader.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\torntv.com\torntv downloader.exe (.not file.) =>Hijacker.TornTV
O87 - FAEL: "UDP Query User{03462F44-3F02-4C1F-96B0-9A3124F095DA}C:\program files (x86)\torntv.com\torntv downloader.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\torntv.com\torntv downloader.exe (.not file.) =>Hijacker.TornTV
O87 - FAEL: "{4F4B8C92-ADBA-4867-ABD6-E509CE8377BF}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Epcs\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{23962DA7-5117-4053-AE6E-17170B0B4733}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Epcs\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "TCP Query User{BCBC30D3-51E4-4AA2-A09D-70C1F74AF6B9}C:\users\epcs\desktop\utorrent-1-.exe" | In - Private - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\epcs\desktop\utorrent-1-.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{64BCDAC9-FBD7-4020-A600-1966D89D7CCD}C:\users\epcs\desktop\utorrent-1-.exe" | In - Private - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\epcs\desktop\utorrent-1-.exe =>P2P.BitTorrent
~ Firewall: 274 Scanned in 00mn 04s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "00005109831090400000000000F01FEC" . (.Microsoft Office.) -- C:\Windows\Installer\{90150000-0138-0409-0000-0000000FF1CE}\firstrun.exe
O90 - PUC: "0336A2D4B8F23E11C9048BCAF6798BE8" . (.Google Earth.) -- C:\Windows\Installer\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}\ARPPRODUCTICON.exe
O90 - PUC: "0D13DD3A99B922270B83D7E74FE37DC2" . (.Catalyst Control Center InstallProxy.) -- C:\Windows\Installer\{A3DD31D0-9B99-7222-B038-7D7EF43ED72C}\ARPPRODUCTICON.exe
O90 - PUC: "122113B05A506674D830A74664971465" . (.Nero RescueAgent Help (CHM).) -- c:\windows\Installer\{0B311221-05A5-4766-8D03-7A6446794156}\NeroHelpIcon.A2EDDB31_726D_4D40_8014_5D5F2D3EF945
O90 - PUC: "1B641C2DD849FE743878D5C1B689F0C7" . (.Windows Live Writer.) -- C:\Windows\Installer\{D2C146B1-948D-47EF-8387-5D1C6B980F7C}\ApplicationIcon.ico
O90 - PUC: "1D034B0FAA6BD374B960AAD30DF10D8B" . (.Microsoft SQL Server 2005 Compact Edition [ENU].) -- C:\Windows\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}\ProductIcon
O90 - PUC: "1E0E7CE6ACB5E47AAC99977E56BB72E1" . (.Catalyst Control Center Localization All.) -- C:\Windows\Installer\{6EC7E0E1-5BCA-A74E-CA99-79E765BB271E}\ARPPRODUCTICON.exe
O90 - PUC: "203E62EEA6789D84098513925E9B9999" . (.Live Updater.) -- C:\windows\Installer\{EE26E302-876A-48D9-9058-3129E5B99999}\icon.ico
O90 - PUC: "2921D0FE1CF8EB147904BD1C436F4651" . (.Nero BackItUp Help (CHM).) -- c:\windows\Installer\{EF0D1292-8FC1-41BE-9740-DBC134F66415}\NeroHelpIcon.A2EDDB31_726D_4D40_8014_5D5F2D3EF945
O90 - PUC: "35588CBA077879B44BE3A50946A7B536" . (.Nero ControlCenter.) -- c:\windows\Installer\{ABC88553-8770-4B97-B43E-5A90647A5B63}\ARPPRODUCTICON.exe
O90 - PUC: "379F8AC47736FBA4E95DCC32323B0C00" . (.Nero BackItUp 12 Essentials OEM.a01.) -- c:\windows\Installer\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}\ARPPRODUCTICON.exe
O90 - PUC: "3A80BAA3921F5DB44B90EA76F43957D9" . (.Prerequisite installer.) -- c:\windows\Installer\{3AAB08A3-F129-4BD5-B409-AE674F93759D}\ARPPRODUCTICON.exe
O90 - PUC: "456BC9D3DA991034986CD0217A0967C7" . (.Identity Card.) -- C:\windows\Installer\{3D9CB654-99AD-4301-89C6-0D12A790767C}\icon.ico
O90 - PUC: "58FDBAB7A6656CCF6EEF21CDFFF3F9BE" . (.AMD Catalyst Install Manager.) -- C:\Windows\Installer\{7BABDF85-566A-FCC6-E6FE-12DCFF3F9FEB}\ARPPRODUCTICON.exe
O90 - PUC: "63AEB64B17B0E4A4EA1478426134AFA0" . (.PowerDVD.) -- C:\Windows\Installer\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}\ARPPRODUCTICON.exe
O90 - PUC: "640F20EC3809A107906969913060DDE5" . (.ccc-utility64.) -- C:\Windows\Installer\{CE02F046-9083-701A-0996-96190306DD5E}\ARPPRODUCTICON.exe
O90 - PUC: "647C499C0D6CABE40BE9FDB78183B196" . (.Nero ControlCenter Help (CHM).) -- c:\windows\Installer\{C994C746-C6D0-4EBA-B09E-DF7B18381B69}\NeroHelpIcon.8BC7562A_6065_4ED9_8502_C368ECC0724D
O90 - PUC: "7040BB568CC47CD459E2E3FEFD5006A2" . (.Nero Update.) -- c:\windows\Installer\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}\ARPPRODUCTICON.exe
O90 - PUC: "753D006D9BC59ED4F84D412E80DB9107" . (.Nero Backup Drivers.) -- C:\Windows\Installer\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}\ARPPRODUCTICON.exe
O90 - PUC: "7750F631A5FF87935453F30843969728" . (.AMD VISION Engine Control Center.) -- C:\Windows\Installer\{136F0577-FF5A-3978-4535-3F8034697982}\ARPPRODUCTICON.exe
O90 - PUC: "795BE1F2AD4717C20C56FBC4B69860C2" . (.AMD Accelerated Video Transcoding.) -- C:\Windows\Installer\{2F1EB597-74DA-2C71-C065-BF4C6B89062C}\ARPPRODUCTICON.exe
O90 - PUC: "8703D2ADC85A8E54E80E818BEBB6437F" . (.Nero BackItUp.) -- c:\windows\Installer\{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}\ARPPRODUCTICON.exe
O90 - PUC: "9E0298BE435530E2EBB40B059C376667" . (.Catalyst Control Center Graphics Previews Common.) -- C:\Windows\Installer\{EB8920E9-5534-2E03-BE4B-B050C9736676}\ARPPRODUCTICON.exe
O90 - PUC: "A5002F70CAC8B4A4382AAD897A22AC16" . (.Recovery Management.) -- C:\Windows\Installer\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}\.\Bitmaps\eRecoveryicon.ico
O90 - PUC: "B0951AEFA045CF149AC56644398CA212" . (.Classic Shell.) -- C:\Windows\Installer\{FEA1590B-540A-41FC-A95C-664493C82A21}\icon.ico
O90 - PUC: "B723AF332E7E83E4FBA176CD2E58DBC5" . (.Catalyst Control Center - Branding.) -- C:\Windows\Installer\{33FA327B-E7E2-4E38-BF1A-67DCE285BD5C}\ARPPRODUCTICON.exe
O90 - PUC: "D237359B326B48E43B96FCFFB7A10EF6" . (.Nero RescueAgent.) -- C:\Windows\Installer\{B953732D-B623-4E84-B369-CFFF7B1AE06F}\ARPPRODUCTICON.exe
O90 - PUC: "D276F30548C6A844F8F8B43CA58C4314" . (.AMD APP SDK Runtime.) -- C:\Windows\Installer\{503F672D-6C84-448A-8F8F-4BC35AC83441}\ARPPRODUCTICON.exe
O90 - PUC: "E5E5322F18873924B9F6402B06F9FB0F" . (.Windows Live Messenger.) -- C:\Windows\Installer\{F2235E5E-7881-4293-9B6F-04B2609FBFF0}\MsblIco.Exe
O90 - PUC: "FA0364E07BA0E0449A87A187CFF4349B" . (.Nero Launcher.) -- c:\windows\Installer\{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}\ARPPRODUCTICON.exe
~ Update Products: 108 Scanned in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\5e0888fb73eb812\2.6.1673.238\upd]:="upd=1" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\2.6.1694.246\upd]:="upd=" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\2.7.1769.27\upd]:="upd=" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\2.7.1832.68\upd]:="upd=" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1562.220]:dllName="BrowserDefender.dll" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1562.220]:exeName="BrowserDefender.exe" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1562.220]:folderName="BrowserDefender" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1562.220]:guid="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1562.220]:serviceName="BrowserDefendert" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1562.220]:version="2.6.1562.220" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:guid="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:serviceName="BitGuard" =>PUP.BitGuard
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:version="2.6.1673.238" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:guid="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:serviceName="BitGuard" =>PUP.BitGuard
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:version="2.6.1694.246" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:SERVICE_NAME="BitGuard" =>PUP.BitGuard
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:guid="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:version="2.7.1769.27" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:dllName="BrowserDefender.dll" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:exeName="BrowserDefender.exe" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:folderName="BrowserDefender" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:serviceName="BrowserDefendert" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:version="2.6.1519.190" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:INSTALL_FOLDER_NAME="BitGuard" =>PUP.BitGuard
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:NTFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:PROTECTOR_DLL_NAME="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\5e0888fb73eb812]:PROTECT_EXE_NAME="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\5e0888fb73eb812]:SERVICE_NAME="BitGuard" =>PUP.BitGuard
[HKCU\Software\5e0888fb73eb812]:usrcheckbox="" =>Hijacker.Eazel
[HKCU\Software\5e0888fb73eb812]:version="2.7.1832.68" =>Hijacker.Eazel
[HKLM\Software\Wow6432Node\5e0888fb73eb812]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKLM\Software\Wow6432Node\5e0888fb73eb812]:INSTALL_FOLDER_NAME="BitGuard" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\5e0888fb73eb812]:PROTECTOR_DLL_NAME="BitGuard.dll" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\5e0888fb73eb812]:PROTECT_EXE_NAME="BitGuard.exe" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\5e0888fb73eb812]:SERVICE_NAME="BitGuard" =>PUP.BitGuard
[HKLM\Software\Wow6432Node\5e0888fb73eb812]:usrcheckbox="" =>Hijacker.Eazel
[HKLM\Software\Wow6432Node\5e0888fb73eb812]:version="2.7.1832.68" =>Hijacker.Eazel
~ Export Key Software: Scanned in 00mn 02s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.FE72D2B842E2BF232387219C3392797F] [WIS][29-08-13] (.IvoSoft - Classic Shell.) -- C:\Windows\Installer\1cd2129f.msi [4456448]
[MD5.28D9DD3E46DC577765A40C3EBF2B5927] [WIS][07-08-13] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\21d6c480.msi [28672] =>Toolbar.Google
~ WIS: 107 Scanned in 00mn 12s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 16-11-12 469648 | (DeviceFastLaneService) . (.Acer Incorporated.) - C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe
SS - | Demand 10-07-58 0 | (ePowerSvc) . (...) - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
SS - | Demand 12-10-10 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 07-08-13 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 07-08-13 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 07-08-13 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 24-10-13 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 20-09-12 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 21-08-12 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 03-01-14 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 29-06-13 68608 | (ClassicShellService) . (.IvoSoft.) - C:\Program Files\Classic Shell\ClassicShellService.exe
SR - | Auto 08-06-12 201376 | (CxAudMsg) . (.Conexant Systems Inc..) - C:\Windows\system32\CxAudMsg64.exe
SR - | Auto 18-12-13 59392 | (DCE) . (...) - C:\Program Files\DCE\dce.exe
SR - | Auto 10-12-12 350544 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Auto 07-12-12 100752 | (ETDService) . (.ELAN Microelectronics Corp..) - C:\Program Files\Elantech\ETDService.exe
SR - | Auto 17-12-13 227904 | (GamesAppIntegrationService) . (.WildTangent.) - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
SR - | Auto 24-07-12 2457232 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 14-07-12 769432 | (NAUpdate) . (.Nero AG.) - c:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 29-04-13 93296 | (RfButtonDriverService) . (.Dritek System INC..) - C:\Windows\RfBtnSvc64.exe
SR - | Demand 10-07-58 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10-07-58 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 01-08-12 81536 | (ZAtheros Wlan Agent) . (.Atheros.) - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe

~ Services: Scanned in 00mn 15s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Epcs at 22-01-14 12:14:34
~ OS 64 not supported by MBR tool

~ MBR: 0 Scanned in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Epcs at 22-01-14 12:14:36

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13024 - (17-01-14)
Clés trouvées (Keys found) : 55
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 11
Fichiers trouvés (Files found) : 18

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4D91-8333-CF10577473F7}] =>Toolbar.Google^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311301136}] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551110}] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}] =>Toolbar.Google^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] =>Toolbar.Google^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vittalia] =>PUP.Vittalia^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}] =>Adware.WebCake^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent] =>P2P.BitTorrent^
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}] =>Adware.ToolbarCleaner
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] =>Toolbar.AdAware
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] =>Toolbar.AdAware
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] =>Toolbar.AdAware
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole] =>Toolbar.AdAware
[HKLM\Software\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASAPI32] =>Adware.WebCake
[HKLM\Software\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASMANCS] =>Adware.WebCake
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector
[HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110311301136}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110311551110}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322302236}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322552210}] =>PUP.CrossRider
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322302236}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322552210}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220422822292}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Program Files (x86)\TornTV.com =>Hijacker.TornTV^
C:\Program Files (x86)\Vittalia =>PUP.Vittalia^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\Users\Epcs\AppData\Roaming\uTorrent =>P2P.µTorrent^
C:\Users\Epcs\AppData\Roaming\Web Cake =>Adware.WebCake^
C:\Users\Epcs\AppData\Local\SearchProtect =>Toolbar.Conduit^
C:\Users\Epcs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard^
C:\Users\Epcs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com =>Hijacker.TornTV^
C:\Users\Epcs\AppData\Local\Installer =>Adware.InstallPedia
C:\Users\Epcs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo =>PUP.CrossRider
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
C:\Users\Epcs\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe =>Toolbar.Google^
C:\Windows\Tasks\SaveSense.job =>PUP.SaveSense^
[HKCU\Software\AppDataLow\Software\Plus-HD-2.2] =>Adware.PlusHD^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\BitTorrent] =>P2P.BitTorrent^
[HKCU\Software\FileScout] =>PUP.FileScout^
[HKLM\Software\Wow6432Node\SearchProtect] =>Toolbar.Conduit^
C:\Users\Epcs\Desktop\utorrent-1-.exe =>P2P.BitTorrent^
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1562.220]:dllName="BrowserDefender.dll" =>Hijacker.Eazel^
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:dllName="BitGuard.dll" =>PUP.BitGuard^
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:dllName="BitGuard.dll" =>PUP.BitGuard^
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:SERVICE_NAME="BitGuard" =>PUP.BitGuard^
[HKCU\Software\5e0888fb73eb812\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:dllName="BrowserDefender.dll" =>Hijacker.Eazel^
[HKCU\Software\5e0888fb73eb812]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKLM\Software\Wow6432Node\5e0888fb73eb812]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
C:\Windows\Installer\21d6c480.msi =>Toolbar.Google^
~ Additionnel Scan: 165880 Items scanned in 00mn 43s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/36853930-pup-savesense =>PUP.SaveSense
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/35115580-pup-vittalia =>PUP.Vittalia
~ http://nicolascoolman.webs.com/apps/blog/show/27285539-adware-webcake =>Adware.WebCake
~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blog/show/28138048-adware-plushd =>Adware.PlusHD
~ http://nicolascoolman.webs.com/apps/blog/show/34311830-pup-filescout =>PUP.FileScout
~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/27660150-hijacker-torntv =>Hijacker.TornTV
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/33105275-adware-toolbarcleaner =>Adware.ToolbarCleaner
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro
~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
~ http://nicolascoolman.webs.com/apps/blog/show/26967630-adware-installpedia =>Adware.InstallPedia
~ MSI: 23 link(s) detected in 01mn 08s



End of the scan (2244 lines in 04mn 48s)(0)
