Aller au contenu

local

Membres
  • Compteur de contenus

    46
  • Inscription

  • Dernière visite

Tout ce qui a été posté par local

  1. merci beaucoup pour votre aide
  2. voici le rapport http://cjoint.com/?DCjrlQa8i0L
  3. pas seulement sur sympatico mais tout les sites lorsque je fais une recherche par google pour que ca fonctionne il faut écrire l'adresse je continu la procedure le rapport a venir
  4. j'ai désactivé l'analyse des connexions sécurisées de kaspersky ca semble aller mieux mais il faut que j'ajoute une exception a chaque nouvelle page, sur ie et chrome aucun probleme. je vais peut etre changer de navigateur j'ai fait une capture d'écran du message de certificat http://cjoint.com/?DCjn4DAcBCj merci
  5. kaspersky aucune menace j'ai supprimé le profil firefox et créer un autre j'ai quelques pages qui ouvrent normalement mais j'ai encore connexion non certifiée est ce que kaspersky pourrait bloqué les connexions lorsque je vais voir les details du certificat il est écrit emis par kaspersky anti-virus personal root certifical et organisation kaspersky lab zao
  6. merci j'ai tout fait et reinstallation de firefox toujours la meme chose
  7. impossible de restaurer la configuration par défault rien ne se passe les favoris ce n'est pas grave si je les perd les liens que vous avez envoyés je ne les voie pas comme d'habitude on dirait la version mobile et les autres pages de firefox que je réussi a ouvrir sont comme la version mobile
  8. toujours la meme chose connexion non certifiée
  9. fait mais il ouvre encore les pages connexion non certifiée
  10. désolé je me suis trompé de fichier j'ai rebooter l'ordi ell a geler et voici le fichier http://cjoint.com/?DCiwUggM8Rp
  11. dans firefox il n'y avait rien et ca vient d'apparaitre voici le fichier http://cjoint.com/?DCiwvXY7xPv
  12. voila http://cjoint.com/?DCiwhSB3U60 http://cjoint.com/?DCiwiH3Jc3n
  13. merci firefox ne fonctionne pas mieux avec la reinitialisation impossible d'aller sur google j'ai parti le scan complet de mon antivirus
  14. je n'ai plus de publicités mais firefox me dit toujours connexion non certifiée et je peux seulement aller sur les sites par le marque page
  15. voici les rapports zhpfix http://cjoint.com/?DCivsMNiu7U adwc http://cjoint.com/?DCivuHKtz9W sftgc http://cjoint.com/?DCivwciyViS mbam http://cjoint.com/?DCivxtU55bw
  16. merci voici le rapport http://cjoint.com/?DCiqoysKjnK
  17. bonjour je fais encore appel a votre aide mon mari a laissé de jeunes ados jouer sur son ordi et maintenant il a beaucoup de problemes publicites intempestives, impossible de restaurer a une autre date, firefox affiche que des pages non certifié et impossible de sortir de la ,impossible de téléchargé merci si quelqu'un pourrait m'aider
  18. vous avez raison merci beaucoup et une tres bonne annee 2014
  19. dans la session admin ie n'ouvre pas mais dans le compte utilisateur standard il n'y a pas de probleme voici le rapport sfcdetailsrepair.txt Lignes avec Repairing, Repaired, ou "cannot" : ============================================ LIGNES AVEC REPAIRING : ===================== 2014-01-04 13:42:38, Info CSI 000001b8 [sR] Repairing 0 components ============================================ LIGNES AVEC REPAIRED : ==================== ============================================ LIGNES AVEC CANNOT : ==================
  20. merci est ce qu'il y a d'autres analyses a faire ?
  21. malgré la réinstallation de internet explorer il n'ouvre pas http://cjoint.com/?DAdtdnf9k83 http://cjoint.com/?DAdtelMKo0Y
  22. merci voici tout les rapports j'ai réinitialiser firefox et réinstaller internet explorer http://cjoint.com/?DAdpEM8AOKt http://cjoint.com/?DAdpFMx9qz4 http://cjoint.com/?DAdpGjC9SLy http://cjoint.com/?DAdpGUqrLse http://cjoint.com/?DAdpHr4dr8Y
  23. bonjour depuis quelques temps ma mère a des problemes avec son ordi j'ai bien essayé de l'aider mais mes connaissances sont limités internet explorer n'ouvre pas beaucoup de publicités impossible de supprimer des saletes son antivirus detecte plusieurs choses mais impossible de les supprimés merci pour votre aide voici le ZHPDiag ~ Rapport de ZHPDiag v2014.1.2.5 - Nicolas Coolman (2014-01-02) ~ Lancé par annie (2014-01-02 13:48:50) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Deactivate by program ---\\ Navigateurs Internet MSIE: Internet Explorer v11.0.9600.16476 MFIE: Mozilla Firefox 26.0 (Defaut) GCIE: Google Chrome v31.0.1650.63 ---\\ Informations sur les produits Windows ~ Langage: Français Windows 7 Home Premium, 32-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK System - Enable Open file C:\Users\annie\AppData\Roaming\ZHP\Licence.txt =>.Nicolas Coolman ---\\ Logiciels de protection du système Kaspersky Internet Security v14.0.0.4651 Microsoft Security Client FR-FR Language Pack v2.1.1116.0 Windows Defender W7 ---\\ Logiciels d'optimisation du système ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels Adobe Flash Player 11 Plugin Adobe Reader X Java 7 Update 25 ---\\ Informations sur le système ~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 2934 MB (49% free) System Restore: Activé (Enable) System drive C: has 166 GB (74%) free of 222 GB ---\\ Mode de connexion au système ~ Computer Name: ANNIE-PC ~ User Name: annie ~ All Users Names: HomeGroupUser$, annie, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\annie\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\annie\AppData\Roaming\ ~ %Desktop% : C:\Users\annie\Desktop\ ~ %Favorites% : C:\Users\annie\Favorites\ ~ %LocalAppData% : C:\Users\annie\AppData\Local\ ~ %StartMenu% : C:\Users\annie\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 166 Go of 222 Go) D: CD-ROM drive (Not Inserted) Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go) ---\\ Etat du Centre de Sécurité Windows ~ Security Center: 47 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.2011-02-25 - 00:30:54.) -- C:\Windows\Explorer.exe [2616320] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2009-07-13 - 20:14:45.) -- C:\Windows\System32\Wininit.exe [96256] [MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2013-11-26 - 01:33:33.) -- C:\Windows\System32\wininet.dll [1820160] [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.2010-11-20 - 07:17:54.) -- C:\Windows\System32\Winlogon.exe [286720] [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.2010-11-20 - 07:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536] [MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2013-09-13 - 19:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009-07-13 - 20:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2009-07-13 - 18:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656] [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2010-11-20 - 03:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544] [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2010-11-20 - 03:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336] [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2010-11-20 - 04:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.2009-07-13 - 18:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.2009-07-13 - 18:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888] [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-04-26 - 21:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904] [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.2010-11-20 - 03:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904] [MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2013-04-12 - 08:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.2009-07-13 - 18:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2009-07-13 - 18:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.2009-07-13 - 18:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168] [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.2010-11-20 - 03:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752] [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2010-11-20 - 07:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/1922 Mes Videos (My Videos) : 3/3 (Modified) ~ Mes Favoris (My Favorites) : 1/34 ~ Mes Documents (My Documents) : 1/39 ~ Mon Bureau (My Desktop) : 2/20 ~ Menu demarrer (Programs) : 1/27 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.DE09BEC7B6F8AA3354DE5E663218B8CA] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe [4180256] [PID.3056] =>Toolbar.Conduit [MD5.0C0D9A079675E93DEE6BE74E237CC697] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\UI\bin\cltmngui.exe [2849056] [PID.3140] =>Toolbar.Conduit [MD5.567B0B979E206C3E1E7B4422A2D0A5AD] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1602856] [PID.3196] [MD5.A9D62C7793510D81342AC1AC50FB70F5] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe [495708] [PID.4048] [MD5.02E25C4CA19D46A3540D491A3BFD7CC3] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [136216] [PID.848] [MD5.DB2BD1458D3F76536BFC80CE4467D260] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.4100] [MD5.6A3BEBE7A6F99DDF00906C5AB8006D2A] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.4132] [MD5.C7AF01132A0DD241A1A0DBE9B62A9A1C] - (.Dell Inc. - QuickSet.) -- C:\Program Files\Dell\QuickSet\quickset.exe [3873648] [PID.4180] [MD5.B7680F36C41AE21C0ECA96523443831F] - (.Pas de propriétaire - FF_Protection MFC Application.) -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664] [PID.4232] [MD5.22001D1308E34153D2BCD51368E14F7B] - (.Dell Inc. - DW WLAN Card Wireless Network Tray Applet.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024] [PID.4332] [MD5.A7810B302294793DE88542AAE177D1B1] - (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424] [PID.4488] [MD5.F400694D7D2785F60133C20F7F2F4F7A] - (.ArcSoft Inc. - ArcSoft Connect Notifier.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac [309824] [PID.4608] [MD5.B577EEC115324FD6F4C5066DE9CDD519] - (.Alcatel-Lucent - mcci+McciTrayApp.) -- C:\Program Files\BellCanada\McciTrayApp.exe [1564160] [PID.4668] [MD5.D50F04F005C94FA3802A6E05CFCF4A9A] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.4988] [MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20584608] [PID.5044] [MD5.1E979FACD154951646B1A3936F8D2A80] - (.Smartbar - Smartbar.) -- C:\Users\annie\AppData\Local\Smartbar\Application\Smartbar.exe [21024] [PID.5056] =>Hijacker.SmartBar [MD5.46B9C74861D98EDA9E6E56D19BEAF91A] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [795936] [PID.5148] [MD5.C16EDEA635300AC0EE58E182A04D71B6] - (.Systweak - Advanced System Protector.) -- C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe [6563184] [PID.5660] =>PUP.AdvancedSystemProtector [MD5.4CCF76ED78F461670FA2854F8E97820E] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [992960] [PID.5820] [MD5.11E8D8272FDBE213ADE3DAD91427CE35] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe [11322880] [PID.2444] [MD5.2337EC951C4AF6E1AF65D10BD9615BEB] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin [11314688] [PID.6124] [MD5.AB43F9DE72DC992A1A2BB78E45FC0B4E] - (.Dell - Dell System Detect.) -- C:\Users\annie\AppData\Local\Apps\2.0\2CC76G9L.CJN\Q3XEPB7W.Q1P\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe [264816] [PID.5996] [MD5.2E0DB1EB7E0262DB906F885FBA438B40] - (.PC-Doctor, Inc. - PC-Doctor Module.) -- C:\Program Files\My Dell\uaclauncher.exe [1146360] [PID.5572] [MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.7856] [MD5.486BDC196F8914845302745A15310D62] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\annie\ZHPDiag\ZHPDiag.exe [8321024] [PID.7924] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\annie\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [user Data\Default] http://feed.snap.do =>Hijacker.SmartBar G0 - GCSP: Preference [user Data\Default][HomePage] http://feed.snap.do =>Hijacker.SmartBar G0 - GCSP: Preference [user Data\Default] http://feed.snap.do =>Hijacker.SmartBar G2 - GCE: Preference [user Data\Default] [amfclgbdpgndipgoegfpkkgobahigbcl] Shopping Helper Smartbar v.1.4, (Activé) =>Hijacker.SmartBar G2 - GCE: Preference [user Data\Default] [boipimhfjpakfgckhbljjengakjhkcbp] MixiDJ Toolbar v.1.2 (Désactivé) =>Toolbar.MixiDJ G2 - GCE: Preference [user Data\Default] [cmpbpnkoikcggmppnalaiieflihcfmdc] Music Remote v.1.0, (Activé) G2 - GCE: Preference [user Data\Default] [dchlnpcodkpfdpacogkljefecpegganj] URL Advisor v.14.0.0.4651 (Désactivé) G2 - GCE: Preference [user Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé) G2 - GCE: Preference [user Data\Default] [hakdifolhalapjijoafobooafbilfakh] Protection bancaire v.14.0.0.4651 (Désactivé) G2 - GCE: Preference [user Data\Default] [hghkgaeecgjhjkannahfamoehjmkjail] Module de blocage des sites Internet dangereux v.14.0.0.4651 (Désactivé) G2 - GCE: Preference [user Data\Default] [kigpmgkoelepakabiliblldhdpnidcod] Shop-Up v.1.26.50, (Activé) =>PUP.CrossRider G2 - GCE: Preference [user Data\Default] [lmcedemcahkmaidbipmniofjcocajlgk] Swirlz v.10.24.3.503, (Activé) G2 - GCE: Preference [user Data\Default] [nfnglnjhhbjjkfggljifgnmdgpecgjmp] Vafmusic6 v.10.24.3.503, (Activé) =>Toolbar.Vafmusic ~ Google Browser: 23 Legitimates Filtered in 00mn 01s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\annie\AppData\Roaming\Mozilla\Firefox\Profiles\20ndpx0x.default\prefs.js C:\Users\annie\AppData\Roaming\Mozilla\Firefox\Profiles\20ndpx0x.default\user.js C:\Users\annie\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js C:\Users\annie\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js M3 - MFPP: Plugins - [annie] -- C:\Users\annie\AppData\Roaming\Mozilla\Firefox\Profiles\20ndpx0x.default\searchplugins\conduit.xml M3 - MFPP: Plugins - [annie] -- C:\Users\annie\AppData\Roaming\Mozilla\Firefox\Profiles\20ndpx0x.default\searchplugins\Web Search.xml =>Parasite.Pugi M0 - MFSP: prefs.js [annie - 20ndpx0x.default] http://feed.snap.do =>Hijacker.SmartBar M2 - MFEP: prefs.js [annie - 20ndpx0x.default\{4cb3c467-0d72-44e6-9237-750b9b8b5ac9}] [] Swirlz v10.23.0.822 (..) ~ Firefox Browser: 25 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do =>Hijacker.SmartBar R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do =>Hijacker.SmartBar R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do =>Hijacker.SmartBar R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do =>Hijacker.SmartBar R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do =>Hijacker.SmartBar ~ IE Browser: 18 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Shopping Helper Smartbar - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>Hijacker.SmartBar O3 - Toolbar: Music Remote - [HKLM]{D2C31D2B-35BE-4C2B-ACCB-A78877274E60} . (.KangoExtensions - Kango BHO.) -- C:\Program Files\Music Remote\1.0\KangoBHO.dll O3 - Toolbar: Bing Bar - [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. - Extensions du client Bing.) -- C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll =>Toolbar.Bing O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D2CF9842-AF95-48CD-B873-BFBB48CD7F5E} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D2C31D2B-35BE-4C2B-ACCB-A78877274E60} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: Advanced System Protector.lnk . (.Systweak - Advanced System Protector.) -- C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe =>PUP.AdvancedSystemProtector O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\Desktop [Public]: Kaspersky Internet Security.lnk . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\Desktop [Public]: VideoPlayer.lnk . (.Tuguu SL - VAFPlayer.) -- C:\Program Files\VideoPlayer\VAFPlayer.exe =>PUP.VAFPlayer O4 - GS\Program [Public]: Documentation d'aide de Dell.lnk . (.Dell Inc. - Dell Document Viewer.) -- C:\Program Files\Dell Inc\Dell Edoc Viewer\EDocs.exe O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\QuickLaunch [annie]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [annie]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [annie]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\TaskBar [annie]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [annie]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\Program [annie]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [annie]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://feed.snap.do =>Hijacker.SmartBar O4 - GS\SystemTools [annie]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SendTo [annie]: Desk 365.lnk . (.337 Technology Limited. - Desk 365 application.) -- C:\Program Files\Desk 365\desk365.exe =>Hijacker.22Find O4 - GS\Desktop [annie]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop [annie]: Protection bancaire.lnk . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe O4 - GS\Desktop [annie]: Search.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://feed.snap.do =>Hijacker.SmartBar O4 - GS\Desktop [annie]: Vérification Internet de Bell.lnk . (.Alcatel-Lucent - mcci+McciBrowser.) -- C:\Program Files\BellCanada\McciBrowser.exe ~ Global Startup: 71 Legitimates Filtered in 00mn 00s ---\\ Applications lancées au démarrage du sytème (O4) O4 - GS\Startup [Public]: Bluetooth.lnk . (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe O4 - GS\Startup [annie]: OpenOffice.org 3.3.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - HKLM\..\Run: [synTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- C:\Program Files\Dell\QuickSet\QuickSet.exe O4 - HKLM\..\Run: [FreeFallProtection] . (.Pas de propriétaire - FF_Protection MFC Application.) -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] . (.Dell Inc. - DW WLAN Card Wireless Network Tray Applet.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe O4 - HKLM\..\Run: [Dell Webcam Central] . (.Creative Technology Ltd - WebcamDell2.exe.) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe O4 - HKLM\..\Run: [Nikon Message Center 2] . (.Nikon Corporation - Nikon Message Center 2.) -- C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe O4 - HKLM\..\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe O4 - HKLM\..\Run: [bellCanada_McciTrayApp] . (.Alcatel-Lucent - mcci+McciTrayApp.) -- C:\Program Files\BellCanada\McciTrayApp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\annie\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - Chargeur CTF.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\annie\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKCU\..\Run: [browser Infrastructure Helper] . (.Smartbar - Smartbar.) -- C:\Users\annie\AppData\Local\Smartbar\Application\Smartbar.exe =>Hijacker.SmartBar O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google O4 - HKCU\..\Run: [DellSystemDetect] . (...) -- C:\Users\annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] . (.Microsoft Corporation - Chargeur CTF.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-18\..\RunOnce: [spUninstallDeleteDir] Clé orpheline O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-3914829785-678653437-3122049891-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\annie\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc O4 - HKUS\S-1-5-21-3914829785-678653437-3122049891-1000\..\Run: [ctfmon.exe] . (.Microsoft Corporation - Chargeur CTF.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-3914829785-678653437-3122049891-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\annie\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKUS\S-1-5-21-3914829785-678653437-3122049891-1000\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKUS\S-1-5-21-3914829785-678653437-3122049891-1000\..\Run: [browser Infrastructure Helper] . (.Smartbar - Smartbar.) -- C:\Users\annie\AppData\Local\Smartbar\Application\Smartbar.exe =>Hijacker.SmartBar O4 - HKUS\S-1-5-21-3914829785-678653437-3122049891-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google O4 - HKUS\S-1-5-21-3914829785-678653437-3122049891-1000\..\Run: [DellSystemDetect] . (...) -- C:\Users\annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll O9 - Extra button: Clavier virtuel - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kbrd.ico O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico O9 - Extra button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- c:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico O9 - Extra button: Analyse des liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\logo.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Site dans la Zone de confiance d'Internet Explorer (O15) O15 - Trusted Zone: [HKCU\...\Domains] *.dell.com ~ IE Zone Confiance: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: Garmin Communicator Plug-In (Garmin Communicator Plug-In) - https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} ((no name)) - http://support.dell.com/systemprofiler/DellSystemLite.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{143DB75E-6579-423C-97EB-C30F10584A96}: DhcpNameServer = 192.168.5.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{143DB75E-6579-423C-97EB-C30F10584A96}: DhcpNameServer = 192.168.5.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{143DB75E-6579-423C-97EB-C30F10584A96}: DhcpNameServer = 192.168.5.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (.Conduit - Search Protect by Conduit.) - C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll =>Toolbar.Conduit ~ AppInit DLL: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Search Protect by Conduit Service (CltMngSvc) . (.Conduit - Search Protect by Conduit.) - C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe =>Toolbar.Conduit O23 - Service: Desk 365 service (desksvc) . (.337 Technology Limited. - dsk service.) - C:\Program Files\Desk 365\deskSvc.exe =>Hijacker.22Find O23 - Service: DW WLAN Tray Service (wltrysvc) . (.Dell Inc. - DW WLAN Card Wireless Network Service.) - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.exe ~ Services: 15 Legitimates Filtered in 00mn 10s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Dealply.job [290] =>PUP.DealPly [MD5.C16EDEA635300AC0EE58E182A04D71B6] [APT] [Advanced System Protector_startup] (.Systweak.) -- C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe [6563184] =>PUP.AdvancedSystemProtector [MD5.311BCE25242D9D00CBD7BB9D8B6E1315] [APT] [Dealply] (...) -- C:\Users\annie\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.exe [102968] =>PUP.DealPly [MD5.202E7F473DD476C8EBBF0BD5506B97C2] [APT] [Desk 365 RunAsStdUser] (.337 Technology Limited..) -- C:\Program Files\Desk 365\desk365.exe [1011792] =>Hijacker.22Find [MD5.F64487396AB10165DC80BC15CF854D31] [APT] [EPUpdater] (...) -- C:\Users\annie\AppData\Roaming\BabSolution\Shared\BabMaint.exe [10320] =>Hijacker.BabSolution [MD5.00000000000000000000000000000000] [APT] [LaunchApp] (...) -- C:\Program Files\MyPC Backup\MyPC Backup.exe (.not file.) [0] =>PUP.MyPCBackup [MD5.00000000000000000000000000000000] [APT] [{0C79F12B-021A-4E39-83A7-97DD1E06DCA8}] (...) -- C:\Program Files\Shop-Up\Uninstall.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [{AA28CA8B-591C-4352-BA99-AE59D0E2F175}] (...) -- C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (.not file.) [0] =>PUP.BitGuard ~ Scheduled Task: 28 Legitimates Filtered in 00mn 02s ---\\ Pilotes lancés au démarrage du système (O41) O41 - Driver: (vpjofneg) . (. - .) - C:\Windows\system32\drivers\vpjofneg.sys (.not file.) ~ Drivers: 78 Legitimates Filtered in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: Advanced System Protector - (.Systweak Software.) [HKLM] -- 00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 =>PUP.AdvancedSystemProtector O42 - Logiciel: Desk 365 - (.337 Technology Limited..) [HKLM] -- Desk 365 =>Hijacker.22Find O42 - Logiciel: MixiDJ V45 Toolbar for IE - (.MixiDJ V45.) [HKLM] -- IECT3298581 =>Toolbar.MixiDJ O42 - Logiciel: Search Protect - (.Conduit.) [HKLM] -- SearchProtect =>Toolbar.Conduit O42 - Logiciel: Shopping Helper Smartbar - (.ReSoft Ltd..) [HKLM] -- {1030322F-DBCF-42B8-BAC3-273CB5772CCF} =>Hijacker.SmartBar O42 - Logiciel: Shopping Helper Smartbar Engine - (.ReSoft Ltd..) [HKCU] -- {17093dda-8532-430a-b24f-5f61cc91f7c5} =>Hijacker.SmartBar O42 - Logiciel: Vérification Internet de Bell - (...) [HKLM] -- BellCanada ~ Logic: 22 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\BabSolution] =>Hijacker.BabSolution [HKCU\Software\Conduit] =>Toolbar.Conduit [HKCU\Software\DataMngr] =>PUP.Datamngr [HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr [HKCU\Software\DealPlyLive] =>PUP.DealPly [HKCU\Software\InstalledThirdPartyPrograms] [HKCU\Software\Mixi.DJ] [HKCU\Software\SmartbarBackup] =>Hijacker.SmartBar [HKCU\Software\SmartbarLog] =>Hijacker.SmartBar [HKCU\Software\Smartbar] =>Hijacker.SmartBar [HKCU\Software\YahooPartnerToolbar] [HKCU\Software\d578c8db53bb814] [HKLM\Software\Conduit] =>Toolbar.Conduit [HKLM\Software\DataMngr] =>PUP.Datamngr [HKLM\Software\DealPlyLive] =>PUP.DealPly [HKLM\Software\DomaIQ] =>Adware.DomaIQ [HKLM\Software\InstalledThirdPartyPrograms] [HKLM\Software\V9] [HKLM\Software\d578c8db53bb814] [HKLM\Software\deskSvc] [HKLM\Software\eSafeSecControl] =>PUP.eSafeSecurity ~ Key Software: 243 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 2013-10-27 - 06:04:15 - [17,956] ----D C:\Program Files\Advanced System Protector =>PUP.AdvancedSystemProtector O43 - CFD: 2013-04-19 - 21:29:25 - [7,882] ----D C:\Program Files\BellCanada O43 - CFD: 2013-11-30 - 13:20:02 - [1,440] ----D C:\Program Files\Conduit O43 - CFD: 2013-10-27 - 11:45:07 - [0,851] ----D C:\Program Files\DealPly =>PUP.DealPly O43 - CFD: 2013-10-27 - 11:59:37 - [0] ----D C:\Program Files\DealPlyLive =>PUP.DealPly O43 - CFD: 2014-01-02 - 12:28:48 - [9,903] ----D C:\Program Files\Desk 365 =>Hijacker.22Find O43 - CFD: 2013-07-13 - 07:47:19 - [0,705] ----D C:\Program Files\GUMFD8B.tmp O43 - CFD: 2013-12-01 - 17:00:04 - [7,365] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup O43 - CFD: 2013-10-27 - 06:04:51 - [0,046] ----D C:\Program Files\Uninstaller O43 - CFD: 2012-01-10 - 12:01:07 - [0] ----D C:\ProgramData\Ask O43 - CFD: 2013-10-06 - 10:53:34 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon O43 - CFD: 2013-10-06 - 10:53:46 - [0,082] ----D C:\ProgramData\BitGuard =>PUP.BitGuard O43 - CFD: 2013-10-06 - 09:26:37 - [0,609] ----D C:\ProgramData\Conduit O43 - CFD: 2013-10-06 - 10:54:29 - [0,729] ----D C:\ProgramData\DealPlyLive =>PUP.DealPly O43 - CFD: 2013-10-31 - 08:49:38 - [0,044] ----D C:\ProgramData\eSafe =>PUP.eSafeSecurity O43 - CFD: 2011-05-06 - 15:17:54 - [0] ----D C:\ProgramData\Filter O43 - CFD: 2013-10-06 - 10:53:41 - [1,263] ----D C:\Users\annie\AppData\Roaming\BabSolution =>Hijacker.BabSolution O43 - CFD: 2013-10-06 - 10:53:34 - [0,003] ----D C:\Users\annie\AppData\Roaming\Babylon =>PUP.Babylon O43 - CFD: 2013-10-06 - 10:54:21 - [0,098] ----D C:\Users\annie\AppData\Roaming\Dealply =>PUP.DealPly O43 - CFD: 2013-10-27 - 06:05:06 - [5,677] ----D C:\Users\annie\AppData\Roaming\Desk 365 =>Hijacker.22Find O43 - CFD: 2014-01-02 - 13:09:13 - [2,824] ----D C:\Users\annie\AppData\Local\Conduit O43 - CFD: 2013-10-06 - 10:54:29 - [0] ----D C:\Users\annie\AppData\Local\DealPlyLive =>PUP.DealPly O43 - CFD: 2013-10-06 - 10:51:25 - [20,895] ----D C:\Users\annie\AppData\Local\Smartbar =>Hijacker.SmartBar O43 - CFD: 2013-10-06 - 10:53:51 - [0,001] ----D C:\Users\annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard ~ 1928 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 2197 Legitimates Filtered in 00mn 34s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.EC5A96A4A60F598A61973090136BEC5D] - 2014-01-02 - 12:18:09 ---A- . (...) -- C:\Windows\ntbtlog.txt [230550] O44 - LFC:[MD5.422023E9BAE9078FDCA7C4E068A505DF] - 2014-01-02 - 13:09:10 ---A- . (...) -- C:\logFileUI.txt [1987] O44 - LFC:[MD5.5451A1070BE6861B437718182A5FDEC0] - 2014-01-02 - 13:15:45 ---A- . (...) -- C:\Windows\IE11_main.log [16197] ~ Files: 15 Legitimates Filtered in 01mn 20s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.3C189400C996A4301C3F1BD93C9C1A17] - 2009-12-03 - 01:24:38 ---A- . (.ST Microelectronics - Accelerometer Port I/O.) -- C:\Windows\System32\Drivers\Acceler.sys [41648] O58 - SDL:[MD5.C351EB0DEB102D7EC67CDDEE6513DDF5] - 2010-09-29 - 11:38:00 ---A- . (.ST Microelectronics - Accelerometer Port I/O.) -- C:\Windows\System32\Drivers\Accelern.sys [43888] O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 2009-07-13 - 20:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712] O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 2009-07-13 - 17:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624] O58 - SDL:[MD5.1E72739A30A0D3E3FC95EBB07F83912D] - 2010-08-20 - 12:04:38 ---A- . (.ST Microelectronics - Disk Class Filter Driver for Accelerometer.) -- C:\Windows\System32\Drivers\stdcfltn.sys [17648] O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 2009-07-13 - 20:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072] O58 - SDL:[MD5.06CBB271F42EF70FB6EF372C491BA9AA] - 2010-04-07 - 07:35:04 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys [423936] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2009-07-13 - 16:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 2009-07-13 - 16:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097] O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 2009-07-13 - 16:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768] O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 2009-07-13 - 16:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809] O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 2009-07-13 - 16:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537] O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 2009-07-13 - 16:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866] O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 2009-07-13 - 16:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146] O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 2009-07-13 - 16:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370] O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 2009-07-13 - 16:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274] O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 2009-07-13 - 16:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146] O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 2009-07-13 - 16:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952] O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 2009-07-13 - 16:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672] O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 2009-07-13 - 16:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776] O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 2009-07-13 - 16:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536] O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 2009-07-13 - 16:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672] ~ Drivers: 16 Legitimates Filtered in 00mn 11s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Associations Shell Spawning (O67) O67 - Shell Spawning: <.exe> <exefile>[HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.exe> <exefile>[HKU\..\open\Command] (.Not Key.) ~ FASS Keys: 13 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Users\annie\AppData\Local\rks.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: C:\Users\annie\AppData\Roaming\Mozilla\Firefox\Profiles\20ndpx0x.default\searchplugins\conduit.xml O69 - SBI: prefs.js [annie - 20ndpx0x.default] user_pref("CT3309759.originalSearchEngine", "Web Search"); O69 - SBI: prefs.js [annie - 20ndpx0x.default] user_pref("Smartbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT3309759&octid=CT3309759&SearchSource=61&CUI=UN301821[...] =>Hijacker.SmartBar O69 - SBI: prefs.js [annie - 20ndpx0x.default] user_pref("browser.search.defaultthis.engineName", "Swirlz Customized Web Search"); O69 - SBI: prefs.js [annie - 20ndpx0x.default] user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3309759&CUI=UN30182175182185376&UM=2&Sear[...] O69 - SBI: prefs.js [annie - 20ndpx0x.default] user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?ctid=CT3309759&CUI=UN30182175182185376&UM=2&SearchSource=13,[...] =>Hijacker.SmartBar O69 - SBI: prefs.js [annie - 20ndpx0x.default] user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3309759&SearchSource=2&CUI=UN3[...] =>Hijacker.SmartBar O69 - SBI: prefs.js [annie - 20ndpx0x.default] user_pref("smartbar.originalHomepage", "http://search.conduit.com/?ctid=CT3309759&CUI=UN30182175182185376&UM=2&SearchSource=13"); =>Hijacker.SmartBar O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Web Search) - http://feed.snap.do =>Hijacker.SmartBar O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Conduit Search) - http://search.conduit.com O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Mixi.DJ Search) - http://mixidj.delta-search.com =>Toolbar.DeltaSearch O69 - SBI: SearchScopes [HKCU] {1D52EE26-D643-4A7E-89BA-A88A5A6C8941} - (Vafmusic6 Customized Web Search) - http://search.conduit.com =>Toolbar.Vafmusic ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.194F7E73AAC2808F8FA0BDF20FA1134E] [sPRF][2011-02-05] (...) -- C:\ProgramData\ezsidmv.dat [56] [MD5.8155A95650E98B22A5A33A7F664A4620] [sPRF][2012-06-20] (...) -- C:\Users\annie\AppData\Local\Temp\4D95936B-806F-49F3-A315-DAC279C3A891.dat [25245] [MD5.B32E406198CBA9E4AF03FA1CF7E72DE2] [sPRF][2013-10-06] (...) -- C:\Users\annie\AppData\Local\Temp\6_Offer_9.exe [1622427] [MD5.CE755676AE6D27A1EFEEFB0F3C70A929] [sPRF][2013-05-13] (.Ask.com - AskStub Application.) -- C:\Users\annie\AppData\Local\Temp\ApnStub.exe [358600] [MD5.858D895AD40DE9779E78C39A116F9553] [sPRF][2013-10-10] (...) -- C:\Users\annie\AppData\Local\Temp\BackupSetup.exe [10355400] [MD5.9EAB97885595799488D678A38BBFEC99] [sPRF][2013-01-24] (.Conduit - Pas de description.) -- C:\Users\annie\AppData\Local\Temp\checktbexist.exe [205888] =>Toolbar.Conduit [MD5.023D6D4CD1D47FCD8CBC1C032C70B6B0] [sPRF][2013-09-17] (.@ - Manages Products.) -- C:\Users\annie\AppData\Local\Temp\DownloadManager.exe [1282616] [MD5.F1E16AB9120369E7D70D0C18F8453490] [sPRF][2013-02-03] (.Conduit - Pas de description.) -- C:\Users\annie\AppData\Local\Temp\mconduitinstaller.exe [68528] =>Adware.Bloson [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [sPRF][2013-05-08] (.Conduit - SP Usage Sender.) -- C:\Users\annie\AppData\Local\Temp\nsb5C8.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [sPRF][2013-05-08] (.Conduit - SP Usage Sender.) -- C:\Users\annie\AppData\Local\Temp\nseC9B7.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [sPRF][2013-09-22] (.Conduit - SP Usage Sender.) -- C:\Users\annie\AppData\Local\Temp\nsj144A.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [sPRF][2013-05-08] (.Conduit - SP Usage Sender.) -- C:\Users\annie\AppData\Local\Temp\nsjAFE3.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [sPRF][2013-05-08] (.Conduit - SP Usage Sender.) -- C:\Users\annie\AppData\Local\Temp\nsl25B9.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [sPRF][2013-05-08] (.Conduit - SP Usage Sender.) -- C:\Users\annie\AppData\Local\Temp\nso5E2.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [sPRF][2013-09-22] (.Conduit - SP Usage Sender.) -- C:\Users\annie\AppData\Local\Temp\nst59C2.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [sPRF][2013-09-22] (.Conduit - SP Usage Sender.) -- C:\Users\annie\AppData\Local\Temp\nst6D06.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [sPRF][2013-05-08] (.Conduit - SP Usage Sender.) -- C:\Users\annie\AppData\Local\Temp\nstAF28.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [sPRF][2013-05-08] (.Conduit - SP Usage Sender.) -- C:\Users\annie\AppData\Local\Temp\nstD8B7.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [sPRF][2013-05-08] (.Conduit - SP Usage Sender.) -- C:\Users\annie\AppData\Local\Temp\nsuA17F.exe [110936] =>Toolbar.Conduit [MD5.4E947F450AABCCCD1636B8F63A1E83B2] [sPRF][2013-09-22] (.Conduit - Search Protect by Conduit.) -- C:\Users\annie\AppData\Local\Temp\SecondStepInstaller.exe [2614848] =>Toolbar.Conduit [MD5.B2AC8F6C8464929EB37E12AC1B065F95] [sPRF][2013-06-30] (...) -- C:\Users\annie\AppData\Local\Temp\secuniasi1426888119460623538.dll [192512] [MD5.B2AC8F6C8464929EB37E12AC1B065F95] [sPRF][2013-06-30] (...) -- C:\Users\annie\AppData\Local\Temp\secuniasi8734086427034335960.dll [192512] [MD5.BAB9F8DF2C03A10F144C20D844118F51] [sPRF][2013-07-01] (...) -- C:\Users\annie\AppData\Local\Temp\setup.exe [796144] [MD5.EA5C1D73FB6840B69E5034ACE95684AF] [sPRF][2013-09-11] (.Conduit - Search Protect by conduit.) -- C:\Users\annie\AppData\Local\Temp\SPStub.exe [68968] =>Toolbar.Conduit [MD5.975993043E355206A1FBA5A702044F0C] [sPRF][2013-11-06] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\annie\AppData\Local\Temp\tbVaf2.dll [5178144] =>Toolbar.Conduit [MD5.3C74C26999F2060BC6302448F173A342] [sPRF][2013-08-28] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\annie\AppData\Local\Temp\uninst1.exe [340464] =>PUP.Babylon ~ Files: 35 Legitimates Filtered in 00mn 09s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{E29DDAAB-6949-44DA-8672-AE27CB43326C}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Tango\Tango.exe (.not file.) O87 - FAEL: "{D875F44A-DCF3-4023-A95A-DF7824D4CFCD}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Tango\Tango.exe (.not file.) O87 - FAEL: "TCP Query User{BD6E8374-82AA-40D3-A68C-E11FF8D10A7E}C:\program files\tango\tango.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\tango\tango.exe (.not file.) O87 - FAEL: "UDP Query User{2402B91E-70D2-4745-9DA5-A2248147A663}C:\program files\tango\tango.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\tango\tango.exe (.not file.) O87 - FAEL: "{F086C4F5-EC29-4585-9177-9B72830D776D}" |In - Public - P6 - TRUE | .(...) -- C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity ~ Firewall: 222 Legitimates Filtered in 00mn 02s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "3E9A223DB85706D47A4C568CF83D870D" . (.Bing Bar.) -- C:\Windows\Installer\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}\icon_installer_ico =>Toolbar.Bing ~ Update Products: 85 Legitimates Filtered in 00mn 00s ---\\ Export de clés de registre aléatoires (O91) [HKCU\Software\d578c8db53bb814]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel [HKCU\Software\d578c8db53bb814]:HPCHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\d578c8db53bb814]:HPCHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\d578c8db53bb814]:HPFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\d578c8db53bb814]:HPIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:INSTALL_FOLDER_NAME="BitGuard" =>PUP.BitGuard [HKCU\Software\d578c8db53bb814]:KWFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\d578c8db53bb814]:KWFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R" [HKCU\Software\d578c8db53bb814]:NTCHREGEXP1="FO81jovjQUF+5S6+hbF0tnG4Tc/u94SDBhydJTxS8+ldnZRi5niE4Dm49Yxb" [HKCU\Software\d578c8db53bb814]:NTCHREGEXP2="FO81jovjQUF+5S6+hbF/tG24SsHn9oyWDBuXLj1U8e1fjIJv8XSE4Dy75IlV" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\d578c8db53bb814]:NTFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:PROTECTOR_DLL_NAME="BitGuard.dll" =>PUP.BitGuard [HKCU\Software\d578c8db53bb814]:PROTECT_EXE_NAME="BitGuard.exe" =>PUP.BitGuard [HKCU\Software\d578c8db53bb814]:SECHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\d578c8db53bb814]:SECHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:SECHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\d578c8db53bb814]:SECHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\d578c8db53bb814]:SECHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\d578c8db53bb814]:SECHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\d578c8db53bb814]:SECHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\d578c8db53bb814]:SECHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\d578c8db53bb814]:SECHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\d578c8db53bb814]:SECHREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKCU\Software\d578c8db53bb814]:SECHREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:SECHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\d578c8db53bb814]:SECHREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:SECHREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:SECHREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" [HKCU\Software\d578c8db53bb814]:SECHREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:SECHREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:SECHREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" [HKCU\Software\d578c8db53bb814]:SECHREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" [HKCU\Software\d578c8db53bb814]:SECHREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" [HKCU\Software\d578c8db53bb814]:SECHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\d578c8db53bb814]:SECHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:SECHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:SECHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\d578c8db53bb814]:SECHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\d578c8db53bb814]:SECHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\d578c8db53bb814]:SECHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\d578c8db53bb814]:SECHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\d578c8db53bb814]:SEFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKCU\Software\d578c8db53bb814]:SEIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKCU\Software\d578c8db53bb814]:SERVICE_NAME="BitGuard" =>PUP.BitGuard [HKCU\Software\d578c8db53bb814]:usrcheckbox="1" [HKCU\Software\d578c8db53bb814]:version="2.6.1694.246" [HKLM\Software\d578c8db53bb814]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel [HKLM\Software\d578c8db53bb814]:HPCHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\d578c8db53bb814]:HPCHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\d578c8db53bb814]:HPFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\d578c8db53bb814]:HPIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:INSTALL_FOLDER_NAME="BitGuard" =>PUP.BitGuard [HKLM\Software\d578c8db53bb814]:KWFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\d578c8db53bb814]:KWFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R" [HKLM\Software\d578c8db53bb814]:NTCHREGEXP1="FO81jovjQUF+5S6+hbF0tnG4Tc/u94SDBhydJTxS8+ldnZRi5niE4Dm49Yxb" [HKLM\Software\d578c8db53bb814]:NTCHREGEXP2="FO81jovjQUF+5S6+hbF/tG24SsHn9oyWDBuXLj1U8e1fjIJv8XSE4Dy75IlV" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\d578c8db53bb814]:NTFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:PROTECTOR_DLL_NAME="BitGuard.dll" =>PUP.BitGuard [HKLM\Software\d578c8db53bb814]:PROTECT_EXE_NAME="BitGuard.exe" =>PUP.BitGuard [HKLM\Software\d578c8db53bb814]:SECHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\d578c8db53bb814]:SECHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:SECHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\d578c8db53bb814]:SECHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\d578c8db53bb814]:SECHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\d578c8db53bb814]:SECHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\d578c8db53bb814]:SECHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\d578c8db53bb814]:SECHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\d578c8db53bb814]:SECHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\d578c8db53bb814]:SECHREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKLM\Software\d578c8db53bb814]:SECHREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:SECHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\d578c8db53bb814]:SECHREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:SECHREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:SECHREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" [HKLM\Software\d578c8db53bb814]:SECHREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:SECHREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:SECHREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" [HKLM\Software\d578c8db53bb814]:SECHREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" [HKLM\Software\d578c8db53bb814]:SECHREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" [HKLM\Software\d578c8db53bb814]:SECHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\d578c8db53bb814]:SECHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:SECHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:SECHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\d578c8db53bb814]:SECHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\d578c8db53bb814]:SECHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\d578c8db53bb814]:SECHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\d578c8db53bb814]:SECHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\d578c8db53bb814]:SEFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw==" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ==" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A==" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs=" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k=" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k=" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y" [HKLM\Software\d578c8db53bb814]:SEIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA==" [HKLM\Software\d578c8db53bb814]:SERVICE_NAME="BitGuard" =>PUP.BitGuard [HKLM\Software\d578c8db53bb814]:usrcheckbox="1" [HKLM\Software\d578c8db53bb814]:version="2.6.1694.246" ~ Export Key Software: Scanned in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.DE5B767F47A59EEFF570B29454F052E8] [WIS][2013-10-06] (.ReSoft Ltd. - Shopping Helper Smartbar.) -- C:\Windows\Installer\96ebf3f.msi [9187328] =>Hijacker.SmartBar ~ WIS: 89 Legitimates Filtered in 00mn 19s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 2013-12-11 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 2013-07-23 193696 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.exe SS - | Auto 2011-02-05 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 2011-02-05 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 2012-08-10 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 2005-04-03 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe SS - | Demand 2013-12-28 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 2013-09-05 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SS - | Demand 2009-01-16 74392 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe SR - | Auto 2010-03-18 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe SR - | Auto 2013-05-10 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 2009-03-03 81920 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe SR - | Auto 2013-11-08 214512 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe SR - | Demand 2013-07-23 240288 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe SR - | Auto 2009-10-20 595232 | (btwdins) . (.Broadcom Corporation..) - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe SR - | Auto 2013-12-16 2251552 | (CltMngSvc) . (.Conduit.) - C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe =>Toolbar.Conduit SR - | Auto 2013-10-10 424016 | (desksvc) . (.337 Technology Limited..) - C:\Program Files\Desk 365\deskSvc.exe =>Hijacker.22Find SR - | Auto 2009-11-04 268824 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe SR - | Auto 2012-11-29 319488 | (McciCMService) . (.Alcatel-Lucent.) - C:\Program Files\Common Files\Motive\McciCMService.exe SR - | Auto 2012-10-02 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe SR - | Auto 2010-04-07 229458 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe SR - | Auto 2009-11-04 2320920 | (UNS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe SR - | Auto 2011-01-28 40960 | (wltrysvc) . (.Dell Inc..) - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.exe SR - | Auto 2009-07-13 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 26s ---\\ Scan Additionnel (O88) Database Version : 13018 - (2014-01-02) Clés trouvées (Keys found) : 77 Valeurs trouvées (Values found) : 3 Dossiers trouvés (Folders found) : 33 Fichiers trouvés (Files found) : 54 [HKLM\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl] =>Hijacker.SmartBar^ [HKLM\Software\Google\Chrome\Extensions\boipimhfjpakfgckhbljjengakjhkcbp] =>Toolbar.MixiDJ^ [HKLM\Software\Google\Chrome\Extensions\kigpmgkoelepakabiliblldhdpnidcod] =>PUP.CrossRider^ [HKLM\Software\Google\Chrome\Extensions\nfnglnjhhbjjkfggljifgnmdgpecgjmp] =>Toolbar.Vafmusic^ [HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc] =>Toolbar.Conduit^ [HKLM\SYSTEM\CurrentControlSet\Services\desksvc] =>Hijacker.22Find^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1] =>PUP.AdvancedSystemProtector^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desk 365] =>Hijacker.22Find^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IECT3298581] =>Toolbar.MixiDJ^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>Toolbar.Conduit^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1030322F-DBCF-42B8-BAC3-273CB5772CCF}] =>Hijacker.SmartBar^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{17093dda-8532-430a-b24f-5f61cc91f7c5}] =>Hijacker.SmartBar^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent [HKLM\Software\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent [HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Adware.iWinArcade [HKLM\Software\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}] =>Hijacker.SmartBar [HKLM\Software\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}] =>Hijacker.SmartBar [HKLM\Software\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}] =>Hijacker.SmartBar [HKLM\Software\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}] =>Hijacker.SmartBar [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent [HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent [HKLM\Software\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}] =>Hijacker.SmartBar [HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam [HKLM\Software\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask [HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\DataMngr] =>Adware.Bandoo [HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\SmartbarBackup] =>Hijacker.SmartBar [HKCU\Software\SmartbarLog] =>Hijacker.SmartBar [HKLM\Software\Classes\Prod.cap] =>PUP.Babylon [HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}] =>Adware.SmileyBar [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}] =>Adware.SmileyBar [HKCU\Software\Mixi.DJ] =>Toolbar.MixiDJ [HKLM\Software\eSafeSecControl] =>PUP.eSafeSecurity [HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}] =>Toolbar.MixiDJ [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}] =>Toolbar.MixiDJ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MixiDJ chrome Toolbar] =>Adware.SmileyBar [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc] =>PUP.eSafeSecurity [HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro [HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro [HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox [HKLM\Software\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask [HKLM\Software\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask [HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector [HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector [HKLM\Software\Classes\CrossriderApp0041552.BHO] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0041552.BHO.1] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0041552.Sandbox] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0041552.Sandbox.1] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0042822.BHO] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0042822.BHO.1] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0042822.Sandbox] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0042822.Sandbox.1] =>PUP.CrossRider [HKLM\Software\Classes\Toolbar.CT3298581] =>Toolbar.Conduit [HKLM\Software\Classes\Toolbar.CT3302999] =>Toolbar.Conduit [HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422282222}] =>PUP.CrossRider [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{ae07101b-46d4-4a98-af68-0333ea26e113} =>Hijacker.SmartBar^ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Browser Infrastructure Helper =>Hijacker.SmartBar^ [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Avira C:\Users\annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl =>Hijacker.SmartBar^ C:\Users\annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boipimhfjpakfgckhbljjengakjhkcbp =>Toolbar.MixiDJ^ C:\Users\annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod =>PUP.CrossRider^ C:\Users\annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfnglnjhhbjjkfggljifgnmdgpecgjmp =>Toolbar.Vafmusic^ C:\Program Files\Advanced System Protector =>PUP.AdvancedSystemProtector^ C:\Program Files\DealPly =>PUP.DealPly^ C:\Program Files\DealPlyLive =>PUP.DealPly^ C:\Program Files\Desk 365 =>Hijacker.22Find^ C:\Program Files\MyPC Backup =>PUP.MyPCBackup^ C:\ProgramData\Babylon =>PUP.Babylon^ C:\ProgramData\BitGuard =>PUP.BitGuard^ C:\ProgramData\DealPlyLive =>PUP.DealPly^ C:\ProgramData\eSafe =>PUP.eSafeSecurity^ C:\Users\annie\AppData\Roaming\BabSolution =>Hijacker.BabSolution^ C:\Users\annie\AppData\Roaming\Babylon =>PUP.Babylon^ C:\Users\annie\AppData\Roaming\Dealply =>PUP.DealPly^ C:\Users\annie\AppData\Roaming\Desk 365 =>Hijacker.22Find^ C:\Users\annie\AppData\Local\DealPlyLive =>PUP.DealPly^ C:\Users\annie\AppData\Local\Smartbar =>Hijacker.SmartBar^ C:\Users\annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard^ C:\Program Files\Conduit =>Toolbar.Conduit C:\Program Files\SearchProtect =>Toolbar.Conduit C:\Program Files\Optimizer Pro =>PUP.OptimizerPro C:\ProgramData\Conduit =>Toolbar.Conduit C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365 =>Hijacker.22find C:\Users\annie\AppData\Local\Conduit =>Toolbar.Conduit C:\Users\annie\AppData\Local\SearchProtect =>Toolbar.Conduit C:\Users\annie\AppData\LocalLow\Conduit =>Toolbar.Conduit C:\Users\annie\AppData\LocalLow\PriceGong =>Adware.PriceGong C:\Users\annie\AppData\LocalLow\Smartbar =>Hijacker.SmartBar C:\Users\annie\AppData\LocalLow\mixidj =>Adware.SmileyBar C:\Users\annie\AppData\Local\Temp\Conduit =>Toolbar.Conduit C:\Users\annie\AppData\Local\Temp\Smartbar =>Hijacker.SmartBar C:\Users\annie\AppData\Roaming\Mozilla\Firefox\Profiles\20ndpx0x.default\SearchPlugins\conduit.xml =>Toolbar.Conduit C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe =>Toolbar.Conduit^ C:\Program Files\SearchProtect\UI\bin\cltmngui.exe =>Toolbar.Conduit^ C:\Users\annie\AppData\Local\Smartbar\Application\Smartbar.exe =>Hijacker.SmartBar^ C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe =>PUP.AdvancedSystemProtector^ C:\Windows\Tasks\Dealply.job =>PUP.DealPly^ C:\Users\annie\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.exe =>PUP.DealPly^ C:\Program Files\Desk 365\desk365.exe =>Hijacker.22Find^ C:\Users\annie\AppData\Roaming\BabSolution\Shared\BabMaint.exe =>Hijacker.BabSolution^ [HKCU\Software\BabSolution] =>Hijacker.BabSolution^ [HKCU\Software\Conduit] =>Toolbar.Conduit^ [HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr^ [HKCU\Software\DealPlyLive] =>PUP.DealPly^ [HKCU\Software\Smartbar] =>Hijacker.SmartBar^ [HKLM\Software\Conduit] =>Toolbar.Conduit^ [HKLM\Software\DealPlyLive] =>PUP.DealPly^ [HKLM\Software\DomaIQ] =>Adware.DomaIQ^ C:\Users\annie\AppData\Local\Temp\checktbexist.exe =>Toolbar.Conduit^ C:\Users\annie\AppData\Local\Temp\mconduitinstaller.exe =>Adware.Bloson^ C:\Users\annie\AppData\Local\Temp\nsb5C8.exe =>Toolbar.Conduit^ C:\Users\annie\AppData\Local\Temp\nseC9B7.exe =>Toolbar.Conduit^ C:\Users\annie\AppData\Local\Temp\nsj144A.exe =>Toolbar.Conduit^ C:\Users\annie\AppData\Local\Temp\nsjAFE3.exe =>Toolbar.Conduit^ C:\Users\annie\AppData\Local\Temp\nsl25B9.exe =>Toolbar.Conduit^ C:\Users\annie\AppData\Local\Temp\nso5E2.exe =>Toolbar.Conduit^ C:\Users\annie\AppData\Local\Temp\nst59C2.exe =>Toolbar.Conduit^ C:\Users\annie\AppData\Local\Temp\nst6D06.exe =>Toolbar.Conduit^ C:\Users\annie\AppData\Local\Temp\nstAF28.exe =>Toolbar.Conduit^ C:\Users\annie\AppData\Local\Temp\nstD8B7.exe =>Toolbar.Conduit^ C:\Users\annie\AppData\Local\Temp\nsuA17F.exe =>Toolbar.Conduit^ C:\Users\annie\AppData\Local\Temp\SecondStepInstaller.exe =>Toolbar.Conduit^ C:\Users\annie\AppData\Local\Temp\SPStub.exe =>Toolbar.Conduit^ C:\Users\annie\AppData\Local\Temp\tbVaf2.dll =>Toolbar.Conduit^ C:\Users\annie\AppData\Local\Temp\uninst1.exe =>PUP.Babylon^ [HKCU\Software\d578c8db53bb814]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^ [HKLM\Software\d578c8db53bb814]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^ C:\Windows\Installer\96ebf3f.msi =>Hijacker.SmartBar^ ~ Additionnel Scan: 301487 Items scanned in 00mn 47s ---\\ Récapitulatif des détections trouvées sur votre station ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ MSI: 26 link(s) detected in 00mn 49s ~ 3174 Legitimates filtered by white list End of the scan (1268 lines in 04mn 04s)(0)
  24. merci, vous êtes les meilleurs est ce que j'avais un virus ?
  25. Rapport de ZHPFix 1.3.13 par Nicolas Coolman, Update du 26/01/2013 Fichier d'export Registre : Run by E6410 at 2013-02-06 13:18:15 Windows XP Professional Service Pack 3 (Build 2600) ========== Clé(s) du Registre ========== SUPPRIME Key: Mozilla Plugin: @microsoft.com/VirtualEarth3D,version=4.0 SUPPRIME Key: Mozilla Plugin: @pandonetworks.com/PandoWebPlugin SUPPRIME Key: Mozilla Plugin: pandonetworks.com/PandoWebPlugin SUPPRIME Key: HKCU\Software\MLSync SUPPRIME Key: HKCU\Software\Softonic SUPPRIME Key: Service Legacy: LEGACY_SKYPE_C2C_SERVICE SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} SUPPRIME Key: HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} SUPPRIME Key: HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} SUPPRIME Key: HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} SUPPRIME Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} SUPPRIME Key: Service Legacy: LEGACY_BONJOUR_SERVICE ========== Valeur(s) du Registre ========== SUPPRIME AAKE KeyValue: C:\Program Files\Pando Networks\Media Booster\PMB.exe SUPPRIME FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe SUPPRIME FirewallRaz (SP) : %windir%\system32\sessmgr.exe SUPPRIME FirewallRaz (SP) : C:\Program Files\Steam\steamapps\common\Portal 2\portal2.exe SUPPRIME FirewallRaz (SP) : C:\Program Files\Steam\SteamApps\filou133\garrysmod\hl2.exe SUPPRIME FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe SUPPRIME FirewallRaz (DP) : %windir%\system32\sessmgr.exe Aucune valeur présente dans la clé d'exception du registre (FirewallRaz) ProxyFix : Configuration proxy supprimée avec succès SUPPRIME ProxyServer Value SUPPRIME ProxyEnable Value SUPPRIME EnableHttp1_1 Value SUPPRIME ProxyHttp1.1 Value SUPPRIME ProxyOverride Value ========== Elément(s) de donnée du Registre ========== SUPPRIME R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page ========== Dossier(s) ========== ========== Fichier(s) ========== SUPPRIME c:\program files\pando networks\media booster\nppandowebplugin.dll ABSENT File: c:\program files\pando networks\media booster\nppandowebplugin.dll SUPPRIME c:\documents and settings\e6410\menu démarrer\programmes\smartdraw 2012.lnk ABSENT File: c:\program files\smartdraw 2012\smartdraw.exe SUPPRIME c:\program files\pando networks\media booster\pmb.exe ABSENT File: c:\program files\pando networks\media booster\pmb.exe SUPPRIME Flash Cookies: SUPPRIME Temporaires Windows: ========== Fichier HOSTS ========== Le fichier Hosts n'est pas réparé ! ========== Restauration Système ========== Point de restauration du système créé avec succès ========== Récapitulatif ========== 14 : Clé(s) du Registre 14 : Valeur(s) du Registre 1 : Elément(s) de donnée du Registre 8 : Fichier(s) 1 : Fichier HOSTS 1 : Restauration Système End of clean in 00mn 24s ========== Chemin de fichier rapport ========== C:\ZHP\ZHPFix[R1].txt - 2013-02-06 13:18:15 [3342]
×
×
  • Créer...