Pub et messages

pascal135 Messages postés 26 Date d'inscription   Statut Membre Dernière intervention   -  
 Utilisateur anonyme -
Bonjour,

J'ai deux ordi,sur un en wifi marche impect SFR pour internet,mais sur l'autre ordi j'ai toujours des truc qui s'affiche:
*Related Seaches coupon sur la page de gauche
*sur la droite j'ai Enlever Web connect
*et aussi à chaque fois que je clic j'ai jhub.net
*au Secours et surtout si vous pourriez m'aider.

Cordialement à vous

3 réponses

  1. Utilisateur anonyme
     
    bonjour,

    * Télécharge et enregistre ZHPDiag sur ton bureau :

    https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

    ou
    http://www.premiumorange.com/zeb-help-process/zhpdiag.html

    * Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin.

    /!\Utilisateur de Vista, Seven et W8 :

    * Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur »

    => L'icône est sous forme de parchemin.

    * Clique sur configurer, puis sur la loupe + .

    * Laisse travailler l'outil, même s'il semble bloqué !

    * Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
    * Héberge le rapport ZHPDiag.txt sur Cjoint, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum :

    https://www.cjoint.com/ => https://www.commentcamarche.net/faq/29493-utiliser-cjoint-pour-heberger-des-fichiers


    tuto zhpdiag :

    http://nicolascoolman.webs.com/tutorials.htm

    0
  2. pascal135 Messages postés 26 Date d'inscription   Statut Membre Dernière intervention   8
     
    ~ Rapport de ZHPDiag v2013.11.7.13 - Nicolas Coolman (07/11/2013)
    ~ Lancé par maissane (07/11/2013 18:09:06)
    ~ Adresse du Site Web https://nicolascoolman.webs.com/
    ~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    ---\\ Navigateurs Internet
    MSIE: Internet Explorer v10.0.9200.16721 (Defaut)
    GCIE: Google Chrome v23.0.1271.97

    ---\\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, RETAIL channel
    Windows ID Activation : OK
    ~ Windows Partial Key : B7D9D
    Windows License : OK
    ~ Windows Remaining Initializations Number : 4
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    ---\\ Logiciels de protection du système
    Norton AntiVirus v21.1.0.18
    Windows Defender W7

    ---\\ Logiciels d'optimisation du système
    CCleaner v3.16 =>Piriform Ltd

    ---\\ Logiciels de partage PeerToPeer

    ---\\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader XI
    Java 7 Update 21

    ---\\ Informations sur le système
    ~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 1013 MB (15% free)
    System Restore: Activé (Enable)
    System drive C: has 77 GB (70%) free of 109 GB

    ---\\ Mode de connexion au système
    ~ Computer Name: MAISSANE
    ~ User Name: maissane
    ~ All Users Names: maissane, HomeGroupUser$, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    ---\\ Variables d'environnement
    ~ System Unit : C:\
    ~ %AppZHP% : C:\Users\maissane\AppData\Roaming\ZHP\
    ~ %AppData% : C:\Users\maissane\AppData\Roaming\
    ~ %Desktop% : C:\Users\maissane\Desktop\
    ~ %Favorites% : C:\Users\maissane\Favorites\
    ~ %LocalAppData% : C:\Users\maissane\AppData\Local\
    ~ %StartMenu% : C:\Users\maissane\AppData\Roaming\Microsoft\Windows\Start Menu\
    ~ %Windir% : C:\Windows\
    ~ %System% : C:\Windows\System32\

    ---\\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 77 Go of 109 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 73 Go of 109 Go)
    E: CD-ROM drive (Not Inserted)
    Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

    ---\\ Etat du Centre de Sécurité Windows
    ~ Security Center: 46 Legitimates Filtered in 00mn 00s

    ---\\ Recherche particulière de fichiers génériques
    [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
    [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
    [MD5.E4FEB264B47360B7296AEA4E052F88D8] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.23/09/2013 - 00:28:06.) -- C:\Windows\System32\wininet.dll [1767936]
    [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
    [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
    [MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
    [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
    [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
    [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
    [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
    [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
    [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
    [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
    [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
    [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
    [MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
    [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
    [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
    [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
    [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
    [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
    ~ Generic Processes: Scanned in 00mn 04s

    ---\\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/488
    ~ Mes musiques (My Musics) : 1/3
    ~ Mes Favoris (My Favorites) : 1/71
    ~ Mes Documents (My Documents) : 1/110
    ~ Mon Bureau (My Desktop) : 2/867
    ~ Menu demarrer (Programs) : 1/34
    ~ Hidden Files: Scanned in 00mn 08s

    ---\\ Processus lancés
    [MD5.3E3A97C7C7E79DF8F08F22F0666D9E03] - (.Symantec Corporation - Norton Identity Safe.) -- C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424] [PID.316]
    [MD5.8A0B0E4102C2CCA25DA3134FE12FCC3E] - (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [91136] [PID.2312]
    [MD5.E66E725E10B9CB8A6F5C74D7CA9E98A9] - (...) -- C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2864096] [PID.1852] =>PUP.BitGuard
    [MD5.981E3DCB80E50011EB2D528BEC9AD782] - (.SEC - Samsung Recovery Solution 4.) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2247168] [PID.2372]
    [MD5.2798942CAA300C48F3265F1B30DC9F73] - (...) -- C:\Users\maissane\AppData\Local\tuto4pc_fr_38\upt4pc_fr_38.exe [2082664] [PID.3612] =>PUP.Eorezo
    [MD5.472DC56D3F40B50B7B977822A206E7B9] - (.Nero AG - Nero SecurDisc Host.) -- C:\Program Files\Nero\Tools\InCD\NBHGui.exe [1600816] [PID.4000]
    [MD5.F72C5D0F567BE8D63DE4BCE0C8E2C0CB] - (.Nero AG - InCD.) -- C:\Program Files\Nero\Tools\InCD\InCD.exe [1060136] [PID.3712]
    [MD5.70189D91A5347F5E34039D06C7E58419] - (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856] [PID.1152] =>Toolbar.Conduit
    [MD5.0BA966FD5349BDF9895F40C045A7C7EC] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.2524]
    [MD5.13B671D7253F29DA148569288CECF74B] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.684]
    [MD5.052F402E557C9EC01B188AD56E336029] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.3028]
    [MD5.11DFC7FF30B9B44F1477989C8FFF478F] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032] [PID.4036] =>PUP.SweetIM
    [MD5.2B3DB9C9D7E206CFCF3E327709BEF3AD] - (.Intel Corporation - igfxsrvc Module.) -- C:\windows\system32\igfxsrvc.exe [252952] [PID.2784]
    [MD5.6017CA94BE482BCB527D92C6D481B2CC] - (.Duuqu Group - FrameFox Extensions.) -- C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe [287216] [PID.1176] =>PUP.FrameFox
    [MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] - (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\maissane\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [PID.2332]
    [MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Users\maissane\AppData\Local\Google\Update\GoogleUpdate.exe [116648] [PID.2188]
    [MD5.A4159CBC4FC1EC188948DC5E65DF5150] - (.TomTom - MyTomTom.) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe [455608] [PID.1644]
    [MD5.AC0D70BB32F4FBE173A9B9899BCFFB3E] - (.Alliance MCA - FaxTray Application for Internet Fax.) -- C:\Program Files\Axmapresse\Fax-Internet\faxtray.exe [816352] [PID.3056]
    [MD5.C64E9B1C9EA057DCECDCB98F34377811] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.exe [228552] [PID.576]
    [MD5.2D08AC1443FFA7FBED9A5EA5FD49AEB3] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [1242728] [PID.5164]
    [MD5.E85D5AABE354C66EED43FC4495AB543A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8186368] [PID.3016]
    [MD5.7720251986778B402978761589434491] - (.Symantec Corporation - Symantec Error Reporting.) -- C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\symerr.exe [54096] [PID.0]
    [MD5.4F1FFD438750EBEF6B93F326E29759B6] - (.Nero AG - incdsrv.) -- C:\Program Files\Nero\Tools\InCD\InCDSrv.exe [1420592] [PID.1188]
    [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1824]
    [MD5.34AE0DFA3EE3B5B9975042D87332D0B7] - (...) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520] [PID.1908] =>Adware.Bandoo
    [MD5.7D2633295EB6FF2B938185874884059D] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208] [PID.12]
    [MD5.917A6788B6054CBA5BCD5C8C8BADEF74] - (.Nero AG - Nero Registry InCD Service.) -- C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe [53560] [PID.620]
    [MD5.B5D5DA8230D3D3525839D939A9196C3E] - (.Pas de propriétaire - OberonGameConsoleService.) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312] [PID.1296]
    [MD5.F85AE59A52885F4B09AADAFB23001A3B] - (...) -- C:\windows\SYSTEM32\Rezip.exe [311296] [PID.2032]
    [MD5.19D34534176E62F35DDB7DC7B7FF2A87] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2164]
    [MD5.3199A477F0F06EEDE41BD55179F8EB05] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92592] [PID.2248]
    [MD5.A6CAC3BF5BAE0B02A5D2100A5397DFFD] - (.WebConnect - WebConnect.) -- C:\Program Files\WebConnect\updateWebConnect.exe [65320] [PID.2292] =>PUP.WebConnect
    [MD5.A6CAC3BF5BAE0B02A5D2100A5397DFFD] - (.WebConnect - WebConnect.) -- C:\Program Files\WebConnect\bin\utilWebConnect.exe [65320] [PID.2444] =>PUP.WebConnect
    [MD5.DD0042F0C3B606A6A8B92D49AFB18AD6] - (.Yahoo! Inc. - AutoUpater Service Module.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [602392] [PID.2640]
    [MD5.1AEBDC693C74EA55FE05D51FA6573EBC] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2744]
    [MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3452]
    [MD5.8F0DE4FEF8201E306F9938B0905AC96A] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [135664] [PID.2188]
    [MD5.081DBA7C93F21B61DF1C5CE9E8AD0522] - (.DoctorSoft - APLanMgrC.) -- C:\Program Files\AnyPC Client\APLanMgrC.exe [79360] [PID.2928]
    [MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Service de la plateforme de protection logi.) -- C:\windows\system32\sppsvc.exe [3179520] [PID.5704]
    ~ Processes Running: Scanned in 01mn 23s

    ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:\Users\maissane\AppData\Local\Google\Chrome\User Data\Default\Preferences
    ~ Google Browser: 0 Legitimates Filtered in 00mn 00s

    ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\prefs.js
    C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\user.js
    M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\babylon.xml =>Toolbar.Babylon
    M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\bingp.xml
    M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\BitGuard.xml =>PUP.BitGuard
    M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\dalesearch.xml =>Hijacker.Dalesearch
    M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\delta.xml =>Toolbar.DeltaSearch
    M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\fileconverter-15-b2-customized-web-search.xml =>Toolbar.Conduit
    M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\recherche-alot.xml =>Adware.Comet
    M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\safesearch.xml
    M3 - MFPP: Plugins - [maissane] -- C:\Users\maissane\AppData\Roaming\Mozilla\Firefox\Profiles\z6pc1gi0.default\searchplugins\Web Search.xml =>Parasite.Pugi
    M0 - MFSP: prefs.js [maissane - z6pc1gi0.default] https://fr.ask.com/
    M2 - MFEP: prefs.js [maissane - z6pc1gi0.default\appbar@alot.com] [] ALOT Appbar v1.1.6000 (..)
    M2 - MFEP: prefs.js [maissane - z6pc1gi0.default\pricepeep@getpricepeep.com] [] PricePeep v2.2.0.3 (..) =>Adware.PricePeep
    M2 - MFEP: prefs.js [maissane - z6pc1gi0.default\{51fc8eac-778f-4dc4-9d69-c6993c8062dd}] [] QuickShare Widget v2.2.0.3 (..) =>PUP.QuickShare
    M2 - MFEP: prefs.js [maissane - z6pc1gi0.default\{b376e27c-a5dd-4635-891d-7aec90390d08}] [] FileConverter 1.5 B2 v10.20.0.513 (..)
    P2 - FPN: [HKLM] [@camfrogweb.com/Camfrog Web Plugin,version=2,0] - (.Camshare Inc. - Camfrog Web FF Plugin ver:2,0,12,93.) -- C:\Program Files\CFWebAdvancedU2\npcamfrogweb.dll
    P2 - FPN: [HKLM] [@www.dlmanager.net/omaha/tools//Software Update;version=8] - (...) -- C:\Program Files\Software\Update\1.2.201.0\npSoftwareOneClick8.dll (.not file.) =>Adware.Boxore
    P2 - FPN: [HKLM] [@www.duuqu.com/omaha/tools//Duuqu Update;version=3] - (.Duuqu Group - Duuqu Update.) -- C:\Program Files\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll
    P2 - FPN: [HKLM] [@www.duuqu.com/omaha/tools//Duuqu Update;version=9] - (.Duuqu Group - Duuqu Update.) -- C:\Program Files\Duuqu\Update\1.3.37.0\npDuuquUpdate3.dll
    ~ Firefox Browser: 43 Legitimates Filtered in 00mn 02s

    ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.do
    R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.msn.com/fr-fr/
    R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = https://search.safefinder.com/?q= =>Hijacker.SmartBar
    R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://search.safefinder.com/?q= =>Hijacker.SmartBar
    ~ IE Browser: 18 Legitimates Filtered in 00mn 00s

    ---\\ Internet Explorer, Proxy Management (R5)
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.offerbox.com;<local> =>PUP.OfferBox
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:56847 =>Hijacker.Proxy
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
    F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
    F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
    F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    ---\\ Hosts file redirection (O1)
    O1 - Hosts: 0.0.0.0 boxore.com =>Adware.Boxore
    O1 - Hosts: 0.0.0.0 www.boxore.com =>Adware.Boxore
    O1 - Hosts: 0.0.0.0 boxore.org =>Adware.Boxore
    O1 - Hosts: 0.0.0.0 www.boxore.org =>Adware.Boxore
    O1 - Hosts: 0.0.0.0 boxore.net =>Adware.Boxore
    O1 - Hosts: 0.0.0.0 www.boxore.net =>Adware.Boxore
    O1 - Hosts: 0.0.0.0 dlmanager.com =>Adware.Boxore
    O1 - Hosts: 0.0.0.0 www.dlmanager.com =>Adware.Boxore
    O1 - Hosts: 0.0.0.0 dlmanager.org =>Adware.Boxore
    O1 - Hosts: 0.0.0.0 www.dlmanager.org =>Adware.Boxore
    O1 - Hosts: 0.0.0.0 dlmanager.net =>Adware.Boxore
    O1 - Hosts: 0.0.0.0 www.dlmanager.net =>Adware.Boxore
    O1 - Hosts: 0.0.0.0 eorezo.com =>PUP.Eorezo
    O1 - Hosts: 0.0.0.0 www.eorezo.com =>PUP.Eorezo
    O1 - Hosts: 0.0.0.0 dist.eorezo.com =>PUP.Eorezo
    O1 - Hosts: 0.0.0.0 file.eorezo.com =>PUP.Eorezo
    O1 - Hosts: 0.0.0.0 log.eorezo.com =>PUP.Eorezo
    O1 - Hosts: 0.0.0.0 ads.eorezo.com =>PUP.Eorezo
    O1 - Hosts: 0.0.0.0 prof.eorezo.com =>PUP.Eorezo
    O1 - Hosts: 0.0.0.0 soft.eorezo.com =>PUP.Eorezo
    O1 - Hosts: 0.0.0.0 upd.eorezo.com =>PUP.Eorezo
    O1 - Hosts: 0.0.0.0 dfr.eorezo.com =>PUP.Eorezo
    O1 - Hosts: 0.0.0.0 lollipop-network.com =>Adware.Lollipop
    O1 - Hosts: 0.0.0.0 www.lollipop-network.com =>Adware.Lollipop
    O1 - Hosts: 0.0.0.0 download.lollipop-network.com =>Adware.Lollipop
    O1 - Hosts: 0.0.0.0 offers.lollipop-network.com =>Adware.Lollipop
    ~ Hosts File: Scanned in 00mn 46s
    ~ Nombre de lignes (Lines number): 50

    ---\\ Browser Helper Objects de navigateur (O2)
    O2 - BHO: CrossriderApp0033426 - {11111111-1111-1111-1111-110311341126} . (.Plus HD - Plus-HD-2.3 BHO.) -- C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-bho.dll =>Adware.PlusHD
    O2 - BHO: WiseConvert 1.5 - {19803860-b306-423c-bbb5-f60a7d82cde5} Clé orpheline =>Toolbar.Conduit
    O2 - BHO: WebConnect - {2316c625-b487-4410-a1a5-ff040b65245f} . (.Web Connect - WebConnect.) -- C:\Program Files\WebConnect\WebConnectbho.dll =>PUP.WebConnect
    O2 - BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} . (...) -- mscoree.dll (.not file.) =>PUP.QuickShare
    O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} . (.Search Results LLC. - Search Results.) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll =>Adware.Bandoo
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetPacks Toolbar module for Internet Expl.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll =>PUP.SweetIM
    O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} Clé orpheline =>Adware.PricePeep
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline
    ~ BHO: 34 Legitimates Filtered in 00mn 02s

    ---\\ Internet Explorer Toolbars (O3)
    O3 - Toolbar: Ask Toolbar - [HKLM]{D4027C7F-154A-4066-A1AD-4243D8127440} . (...) -- (.not file.) =>Toolbar.Ask
    O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - [HKLM]{EEE6C35B-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetPacks Toolbar module for Internet Expl.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll =>PUP.SweetIM
    O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
    O3 - Toolbar: QuickShare Widget - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>PUP.QuickShare
    O3 - Toolbar: Norton Identity Safe Toolbar - [HKLM]{A13C2648-91D4-4bf3-BC6D-0079707C4389} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{19803860-B306-423C-BBB5-F60A7D82CDE5} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EEE6C35B-6118-11DC-9C72-001320C79847} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{A13C2648-91D4-4BF3-BC6D-0079707C4389} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    ---\\ Autres liens utilisateurs (O4)
    O4 - GS\Desktop [Public]: Norton AntiVirus.lnk . (.Symantec Corporation - Norton Protection Center UI Stub.) -- C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\uistub.exe
    O4 - GS\QuickLaunch [maissane]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\QuickLaunch [maissane]: Pages Annuaire.lnk - Clé orpheline
    O4 - GS\TaskBar [maissane]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\Program [maissane]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\SystemTools [maissane]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\Desktop [maissane]: Accueil Fax-Internet.lnk . (...) -- C:\Program Files\Axmapresse\Fax-Internet\statfax.exe
    O4 - GS\Desktop [maissane]: Driver Genius.lnk . (.Driver-Soft Inc. - Driver Genius.) -- C:\Program Files\Driver-Soft\DriverGenius\DriverGenius.exe
    O4 - GS\Desktop [maissane]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    O4 - GS\Desktop [maissane]: Microsoft Word 2010.lnk . (.Microsoft Corporation - Microsoft Office Client Virtualization Hand.) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.exe
    O4 - GS\Desktop [maissane]: Radio Fr Solo.lnk . (...) -- C:\Program Files\Radio Fr Solo\Radio_Fr_Solo.exe
    O4 - GS\Desktop [maissane]: Search.lnk . (...) -- C:\ProgramData\DSearchLink\DSearchLink.exe =>Toolbar.DeltaSearch
    ~ Global Startup: 69 Legitimates Filtered in 00mn 27s

    ---\\ Applications lancées au démarrage du sytème (O4)
    O4 - GS\Startup [Public]: Lancement Application Fax.lnk . (.Alliance MCA - FaxTray Application for Internet Fax.) -- C:\Program Files\Axmapresse\Fax-Internet\faxtray.exe
    O4 - GS\Startup [maissane]: OneNote 2010 - Capture d'écran et lancement.lnk . (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.exe =>.Microsoft Corporation
    O4 - HKLM\..\Run: [NBHGui] . (.Nero AG - Nero SecurDisc Host.) -- C:\Program Files\Nero\Tools\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] . (.Nero AG - InCD.) -- C:\Program Files\Nero\Tools\InCD\InCD.exe
    O4 - HKLM\..\Run: [YSearchProtection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe =>Toolbar.Conduit
    O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
    O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
    O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe =>PUP.SweetIM
    O4 - HKLM\..\Run: [Bouygues Connection Manager] . (.Bouygues - Internet Mobile 3G+ Bouygues Telecom.) -- C:\Program Files\Bouygues Telecom\Internet 3G+\Bouygues.exe
    O4 - HKLM\..\Run: [FrameFox Extensions] . (.Duuqu Group - FrameFox Extensions.) -- C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe =>PUP.FrameFox
    O4 - HKLM\..\RunOnce: [upt4pc_fr_38.exe] . (...) -- C:\Users\maissane\AppData\Local\tuto4pc_fr_38\upt4pc_fr_38.exe =>PUP.Eorezo
    O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
    O4 - HKCU\..\Run: [DatingNotifier] Clé orpheline
    O4 - HKCU\..\Run: [Search Protection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe =>Toolbar.Conduit
    O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\maissane\AppData\Local\Facebook\Update\FacebookUpdate.exe
    O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
    O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\maissane\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
    O4 - HKCU\..\Run: [MyTomTomSA.exe] . (.TomTom - MyTomTom.) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
    O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
    O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [DatingNotifier] Clé orpheline
    O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [Search Protection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe =>Toolbar.Conduit
    O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\maissane\AppData\Local\Facebook\Update\FacebookUpdate.exe
    O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
    O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\maissane\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
    O4 - HKUS\S-1-5-21-2071869296-2185399040-3217962726-1000\..\Run: [MyTomTomSA.exe] . (.TomTom - MyTomTom.) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
    ~ Application: Scanned in 00mn 00s

    ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBttnIE.dll =>.Microsoft Corporation
    O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBTTN~1.dll =>.Microsoft Corporation
    ~ IE Extra Buttons: Scanned in 00mn 00s

    ---\\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 - DPF: {62D90588-609E-4208-A260-A6CEC45BB92C} ((no name)) - http://www.liberticam.com/download/CFWebU.exe
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} ((no name)) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    ~ Objets ActiveX: Scanned in 00mn 00s

    ---\\ Modification Domaine/Adresses DNS (O17)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{29B826EC-D13C-43C9-8C6A-673AAEA74246}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{29B826EC-D13C-43C9-8C6A-673AAEA74246}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{29B826EC-D13C-43C9-8C6A-673AAEA74246}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    ---\\ Protocole additionnel (O18)
    O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
    O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 - AppInit_DLLs: . (...) - C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll =>PUP.BitGuard
    ~ AppInit DLL: Scanned in 00mn 00s

    ---\\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 - Service: BitGuard (BitGuard) . (...) - C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe =>PUP.BitGuard
    O23 - Service: DefaultTabUpdate (DefaultTabUpdate) . (...) - C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe =>Adware.Bandoo
    O23 - Service: Duuqu Update Service (dqupdate) (dqupdate) . (.Duuqu Group - Duuqu Installer.) - C:\Program Files\Duuqu\Update\DuuquUpdate.exe
    O23 - Service: Update WebConnect (Update WebConnect) . (.WebConnect - WebConnect.) - C:\Program Files\WebConnect\updateWebConnect.exe =>PUP.WebConnect
    O23 - Service: Util WebConnect (Util WebConnect) . (.WebConnect - WebConnect.) - C:\Program Files\WebConnect\bin\utilWebConnect.exe =>PUP.WebConnect
    ~ Services: 16 Legitimates Filtered in 23mn 15s

    ---\\ Tâches planifiées en automatique (O39)
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AmiUpdXp.job [368] =>PUP.Software.Updater
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DuuquUpdateTaskMachineCore.job [876]
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DuuquUpdateTaskMachineUA.job [880]
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job [1884] =>Adware.PlusHD
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job [1188] =>Adware.PlusHD
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.3-enabler.job [1088] =>Adware.PlusHD
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Plus-HD-2.3-updater.job [1284] =>Adware.PlusHD
    [MD5.136E913B1D3771B3535C3622C36B5E38] [APT] [DuuquUpdateTaskMachineCore] (.Duuqu Group.) -- C:\Program Files\Duuqu\Update\DuuquUpdate.exe [98360]
    [MD5.136E913B1D3771B3535C3622C36B5E38] [APT] [DuuquUpdateTaskMachineUA] (.Duuqu Group.) -- C:\Program Files\Duuqu\Update\DuuquUpdate.exe [98360]
    [MD5.D7A7FF0EC451F7980CC3AE394AC48EB7] [APT] [Plus-HD-2.3-chromeinstaller] (.Plus HD.) -- C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe [466280] =>Adware.PlusHD
    [MD5.C7E5BE547E41553461B925B7FB26F561] [APT] [Plus-HD-2.3-codedownloader] (.Plus HD.) -- C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe [491880] =>Adware.PlusHD
    [MD5.F393EEE835F3F7111A3B6E91571ACD26] [APT] [Plus-HD-2.3-enabler] (.Plus HD.) -- C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-enabler.exe [348008] =>Adware.PlusHD
    [MD5.C32038A5543158EBDC99E73E6A070A43] [APT] [Plus-HD-2.3-updater] (.Plus HD.) -- C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-updater.exe [367976] =>Adware.PlusHD
    [MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.) [0] =>Toolbar.Ask
    [MD5.00000000000000000000000000000000] [APT] [{911E56E8-2D4F-4F4B-A7F9-A9F661173E71}] (...) -- E:\INSTMSI.exe (.not file.) [0]
    ~ Scheduled Task: 44 Legitimates Filtered in 01mn 35s

    ---\\ Logiciels installés (O42)
    O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} =>Toolbar.Ask
    O42 - Logiciel: BitGuard - (.MediaTechSoft Inc..) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>PUP.BitGuard
    O42 - Logiciel: DefaultTab - (.Search Results, LLC.) [HKLM] -- DefaultTab =>Adware.Bandoo
    O42 - Logiciel: Plus-HD-2.3 - (.Plus HD.) [HKLM] -- Plus-HD-2.3 =>Adware.PlusHD
    O42 - Logiciel: QuickShare - (.Linkury Inc..) [HKLM] -- {AF860F85-54A3-4A28-879B-BF9E6E325776} =>PUP.QuickShare
    O42 - Logiciel: SafeFax 3.0.999 - (.Alliance MCA.) [HKLM] -- SafeFax_is1
    O42 - Logiciel: SweetIM for Messenger 3.7 - (.SweetIM Technologies Ltd..) [HKLM] -- {7683B745-6060-41FD-AA75-0BBB383FEAD4} =>PUP.SweetIM
    O42 - Logiciel: Update Manager for SweetPacks 1.1 - (.SweetIM Technologies Ltd..) [HKLM] -- {EA8FA6BE-29BE-4AF2-9352-841F83215EB0} =>PUP.SweetIM
    O42 - Logiciel: WebConnect 3.0.0 - (.Web Connect.) [HKLM] -- WebConnect =>PUP.WebConnect
    O42 - Logiciel: tuto4pc_fr_38 - (.TUTO4PC.) [HKLM] -- tuto4pc_fr_38_is1 =>PUP.Eorezo
    ~ Logic: 118 Legitimates Filtered in 00mn 04s

    ---\\ HKCU & HKLM Software Keys
    [HKCU\Software\5e55dcd9b76eb940]
    [HKCU\Software\APN PIP]
    [HKCU\Software\BabSolution] =>Hijacker.BabSolution
    [HKCU\Software\BonanzaDealsLive] =>Adware.BonanzaDeals
    [HKCU\Software\DataMngr] =>PUP.Datamngr
    [HKCU\Software\Duuqu]
    [HKCU\Software\InstallCore] =>Adware.InstallCore
    [HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
    [HKCU\Software\Rencontres Hard]
    [HKCU\Software\SmartbarLog] =>Hijacker.SmartBar
    [HKCU\Software\SweetIM] =>PUP.SweetIM
    [HKCU\Software\TutoTag] =>Spyware.AgenceExclusive
    [HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
    [HKCU\Software\Wajam] =>Toolbar.Wajam
    [HKCU\Software\WebConnect] =>PUP.WebConnect
    [HKCU\Software\delta LTD]
    [HKLM\Software\5e55dcd9b76eb940]
    [HKLM\Software\APN]
    [HKLM\Software\AskToolbar]
    [HKLM\Software\Babylon] =>Toolbar.Babylon
    [HKLM\Software\BonanzaDealsLive] =>Adware.BonanzaDeals
    [HKLM\Software\DataMngr] =>PUP.Datamngr
    [HKLM\Software\Default Tab] =>Adware.Bandoo
    [HKLM\Software\DomaIQ] =>Adware.DomaIQ
    [HKLM\Software\Duuqu]
    [HKLM\Software\Iminent] =>Adware.IMBooster
    [HKLM\Software\OfferBox] =>PUP.OfferBox
    [HKLM\Software\PCPowerSpeed] =>PUP.PCPowerSpeed
    [HKLM\Software\PIP]
    [HKLM\Software\SweetIM] =>PUP.SweetIM
    [HKLM\Software\Vittalia] =>PUP.Vittalia
    [HKLM\Software\Wajam] =>Toolbar.Wajam
    [HKLM\Software\babylontoolbar] =>Toolbar.Babylon
    [HKLM\Software\iLividSRTB] =>Adware.Bandoo
    [HKLM\Software\lollipop] =>Adware.Lollipop
    ~ Key Software: 233 Legitimates Filtered in 00mn 04s

    ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 - CFD: 21/10/2013 - 08:49:33 - [0,851] ----D C:\Program Files\BonanzaDeals =>Adware.BonanzaDeals
    O43 - CFD: 14/10/2013 - 12:21:31 - [3,377] ----D C:\Program Files\BonanzaDealsLive =>Adware.BonanzaDeals
    O43 - CFD: 16/05/2013 - 14:19:48 - [2,156] ----D C:\Program Files\Duuqu
    O43 - CFD: 02/08/2013 - 14:36:07 - [0,390] ----D C:\Program Files\FrameFox =>PUP.FrameFox
    O43 - CFD: 15/12/2012 - 13:11:54 - [0,298] ----D C:\Program Files\lang
    O43 - CFD: 14/10/2013 - 15:19:29 - [0,015] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup
    O43 - CFD: 14/10/2013 - 12:23:40 - [5,513] ----D C:\Program Files\Plus-HD-2.3 =>Adware.PlusHD
    O43 - CFD: 05/10/2013 - 18:55:04 - [8,545] ----D C:\Program Files\SweetIM =>PUP.SweetIM
    O43 - CFD: 26/07/2013 - 08:40:10 - [2,430] ----D C:\Program Files\tuto4pc_fr_38 =>PUP.Eorezo
    O43 - CFD: 30/10/2013 - 13:51:16 - [2,369] ----D C:\Program Files\WebConnect =>PUP.WebConnect
    O43 - CFD: 05/11/2013 - 17:00:56 - [8,154] ----D C:\ProgramData\BitGuard =>PUP.BitGuard
    O43 - CFD: 14/10/2013 - 12:21:27 - [0,403] ----D C:\ProgramData\BonanzaDealsLive =>Adware.BonanzaDeals
    O43 - CFD: 22/12/2012 - 12:28:59 - [0] ----D C:\ProgramData\boost_interprocess
    O43 - CFD: 19/09/2013 - 16:20:52 - [0,147] ----D C:\ProgramData\DSearchLink =>Toolbar.DeltaSearch
    O43 - CFD: 18/10/2013 - 09:02:43 - [0,002] ----D C:\ProgramData\NCOTEMP
    O43 - CFD: 05/09/2011 - 19:16:13 - [0,001] ----D C:\ProgramData\Partner
    O43 - CFD: 22/12/2012 - 12:13:43 - [2,513] ----D C:\Users\maissane\AppData\Roaming\DefaultTab =>Adware.Bandoo
    O43 - CFD: 27/09/2013 - 14:31:01 - [0,876] ----D C:\Users\maissane\AppData\Local\BeamriseUninstall =>Hijacker.Beamrise
    O43 - CFD: 14/10/2013 - 12:21:27 - [0] ----D C:\Users\maissane\AppData\Local\BonanzaDealsLive =>Adware.BonanzaDeals
    O43 - CFD: 16/05/2013 - 14:19:43 - [0] ----D C:\Users\maissane\AppData\Local\Duuqu
    O43 - CFD: 17/10/2012 - 15:16:10 - [0] ----D C:\Users\maissane\AppData\Local\messengerdusexe
    O43 - CFD: 28/04/2013 - 16:45:58 - [0] ----D C:\Users\maissane\AppData\Local\pur-flirt
    O43 - CFD: 28/09/2013 - 09:57:28 - [0] ----D C:\Users\maissane\AppData\Local\Supreme Savings =>PUP.RewardsArcade
    O43 - CFD: 22/12/2012 - 12:13:31 - [0,285] ----D C:\Users\maissane\AppData\Local\SwvUpdater =>PUP.Software.Updater
    O43 - CFD: 07/11/2013 - 19:31:34 - [1,988] ----D C:\Users\maissane\AppData\Local\tuto4pc_fr_38 =>PUP.Eorezo
    O43 - CFD: 27/10/2013 - 19:29:04 - [0,751] ----D C:\Users\maissane\AppData\Local\YappyzUninstall =>PUP.Yappyz
    O43 - CFD: 30/10/2013 - 14:29:43 - [0,001] ----D C:\Users\maissane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard
    ~ 441 Dossiers CLSID vides (CLSID Empty Folders)
    ~ Program Folder: 673 Legitimates Filtered in 01mn 27s

    ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 - LFC:[MD5.462F7DBFBBB599527C986A3F876179FA] - 06/11/2013 - 13:09:57 ---A- . (...) -- C:\Windows\ntbtlog.txt [3250]
    O44 - LFC:[MD5.FE4D955BE910575D5654E80A7EB76FE1] - 07/11/2013 - 17:26:54 ---A- . (...) -- C:\SrvError.Log [262123]
    O44 - LFC:[MD5.95190605FC653695C32008A89F6F9847] - 07/11/2013 - 18:15:38 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [24464]
    O44 - LFC:[MD5.95190605FC653695C32008A89F6F9847] - 07/11/2013 - 18:15:38 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [24464]
    O44 - LFC:[MD5.3D5A6F114214DE1771C1C29590850F77] - 27/10/2013 - 19:46:56 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [300]
    O44 - LFC:[MD5.E3F4F3BA037CB5511D4C3F921EDBB68C] - 30/10/2013 - 13:25:09 ---A- . (...) -- C:\Windows\wininit.ini [65]
    ~ Files: 15 Legitimates Filtered in 01mn 11s

    ---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 - LFCP:[MD5.502DC5C3CB27A4D46A53B4EFFA1E6401] - 06/11/2013 - 13:17:29 ---A- - C:\Windows\Prefetch\FRAMEFOX.EXE-AE0924FD.pf =>PUP.FrameFox
    O45 - LFCP:[MD5.46720CC3674A5A69D386876DF5A630F7] - 07/11/2013 - 14:51:18 ---A- - C:\Windows\Prefetch\OBERONGAMECONSOLESERVICE.EXE-443D4C7B.pf
    O45 - LFCP:[MD5.0DA599D171E5EC9DAEFF46359FD99DBB] - 07/11/2013 - 17:26:12 ---A- - C:\Windows\Prefetch\DUUQUCRASHHANDLER.EXE-EB7754F5.pf
    O45 - LFCP:[MD5.E8B43B3647DE0F56AB0C7DA8C77CFD89] - 07/11/2013 - 17:26:21 ---A- - C:\Windows\Prefetch\NST.EXE-D9753F47.pf
    O45 - LFCP:[MD5.F549F6CF9ECC8497FFED9958C01336C4] - 07/11/2013 - 17:26:25 ---A- - C:\Windows\Prefetch\BITGUARD.EXE-D66C64B1.pf =>PUP.BitGuard
    O45 - LFCP:[MD5.140489FDBDB9BB1FCAC5E040CBDC58C7] - 07/11/2013 - 17:26:42 ---A- - C:\Windows\Prefetch\INCD.EXE-E5B36EE8.pf
    O45 - LFCP:[MD5.8591161AC27BEFB92BBDDBF450998AC7] - 07/11/2013 - 17:26:42 ---A- - C:\Windows\Prefetch\NBHGUI.EXE-AC9A4EAB.pf
    O45 - LFCP:[MD5.9D5356CF1C67CEDC47D5E88AFED7917D] - 07/11/2013 - 17:26:43 ---A- - C:\Windows\Prefetch\SEARCHPROTECTION.EXE-5F59DE6E.pf =>Toolbar.Conduit
    O45 - LFCP:[MD5.89F12DAA58ECB4089B9C2BD8BA44009E] - 07/11/2013 - 17:26:55 ---A- - C:\Windows\Prefetch\FAXTRAY.EXE-46607940.pf
    O45 - LFCP:[MD5.8F8EDA3C688FC29E2C59A6C3685B88AC] - 07/11/2013 - 19:31:29 ---A- - C:\Windows\Prefetch\UPT4PC_FR_38.EXE-308AD67E.pf
    ~ Prefetcher: 118 Legitimates Filtered in 00mn 04s

    ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 - MPSK:{0f8be8b8-6550-11e2-9978-0024545925f7}\AutoRun\command. (...) -- E:\AutoLaunch.exe (.not file.)
    O51 - MPSK:{0f8be8f5-6550-11e2-9978-0024545925f7}\AutoRun\command. (...) -- E:\AutoLaunch.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    ---\\ Liste des pilotes du système (SDL) (O58)
    O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
    O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
    ~ Drivers: 16 Legitimates Filtered in 00mn 02s

    ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 - LFC: 05/11/2013 - 19:43:56 ---A- . (...) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg [14733] =>Adware.Bandoo
    O61 - LFC: 05/11/2013 - 19:43:56 ---A- . (.Search Results LLC..) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll [462968] =>Adware.Bandoo
    O61 - LFC: 05/11/2013 - 19:43:56 ---A- . (.Search Results LLC..) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe [50296] =>Adware.Bandoo
    O61 - LFC: 05/11/2013 - 19:43:56 ---A- . (.Search Results LLC..) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe [53880] =>Adware.Bandoo
    O61 - LFC: 05/11/2013 - 19:43:56 ---A- . (.Search Results LLC..) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll [436856] =>Adware.Bandoo
    O61 - LFC: 05/11/2013 - 19:43:56 ---A- . (.Search Results LLC..) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll [520824] =>Adware.Bandoo
    O61 - LFC: 05/11/2013 - 19:43:57 ---A- . (.Search Results, LLC.) -- C:\Users\maissane\AppData\Roaming\DefaultTab\DefaultTab\update.exe [813664] =>Adware.Bandoo
    O61 - LFC: 05/11/2013 - 19:44:43 ---A- . (.MindAd.) -- C:\Users\maissane\Downloads\setup (17).exe [614520]
    O61 - LFC: 05/11/2013 - 19:44:55 RSHA- . (...) -- C:\Users\maissane\ntuser.pol [290]
    O61 - LFC: 06/11/2013 - 19:44:34 ---A- . (...) -- C:\Users\maissane\Downloads\FlvPlayerSetup (7).exe [796848]
    O61 - LFC: 07/11/2013 - 19:42:47 ---A- . (...) -- C:\Users\maissane\AppData\Local\avgchrome\avgp [110729]
    O61 - LFC: 07/11/2013 - 19:43:01 ---A- . (...) -- C:\Users\maissane\AppData\Local\Google\Chrome\User Data\Local State [50880]
    O61 - LFC: 07/11/2013 - 19:43:34 ---A- . (...) -- C:\Users\maissane\AppData\Local\tuto4pc_fr_38\upt4pc_fr_38.cyp [544] =>PUP.Eorezo
    O61 - LFC: 07/11/2013 - 19:44:18 ---A- . (...) -- C:\Users\maissane\AppData\Roaming\ZHP\Log.txt [25693] =>.Nicolas Coolman
    O61 - LFC: 07/11/2013 - 19:44:18 ---A- . (...) -- C:\Users\maissane\AppData\Roaming\ZHP\TestsZHPDiag.txt [2896] =>.Nicolas Coolman
    ~ 16 Fichiers temporaires (Temporary files)
    ~ Files: 191 Legitimates Filtered in 02mn 11s

    ---\\ Liste des outils de désinfection (LATC) (O63)
    O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    ---\\ Associations Shell Spawning (O67)
    O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
    ~ FASS Keys: 10 Legitimates Filtered in 00mn 00s

    ---\\ Menu de démarrage Internet (SMI) (O68)
    O68 - StartMenuInternet: <Beamrise.FXR3NKGWYDKTHPYULIFC7D4RVI> <Beamrise>[HKLM\..\Shell\open\Command] (...) -- C:\Users\maissane\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>Hijacker.Beamrise
    O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O68 - StartMenuInternet: <Yappyz.FXR3NKGWYDKTHPYULIFC7D4RVI> <Yappyz>[HKLM\..\Shell\open\Command] (...) -- C:\Users\maissane\AppData\Local\Yappyz\Application\yappyz.exe (.not file.) =>PUP.Yappyz
    ~ Keys: Scanned in 00mn 00s

    ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 - SBI: prefs.js [maissane - z6pc1gi0.default] user_pref("extensions.asktb.ff-original-keyword-url", "");
    O69 - SBI: SearchScopes [HKCU] 2F08D3A986A84CCE9E880F91EF7A63B9 - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch
    O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Web Search) - https://search.safefinder.com/?q= =>Hijacker.SmartBar
    O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Doko Search) - http://www.do =>Hijacker.Doko
    O69 - SBI: SearchScopes [HKCU] {3BA0170A-3F54-4764-84D0-604C7CAAECCE} - (Search Here) - http://www.mysearchresults.com =>Adware.MyWebSearch
    O69 - SBI: SearchScopes [HKCU] {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} - (Norton Safe Search) - http://nortonsafe.search.ask.com
    O69 - SBI: SearchScopes [HKCU] {BD85CCEB-F468-4A5E-A42F-60E16F1AF6E0} - (Yahoo!Search) - https://fr.search.yahoo.com/
    ~ Keys: Scanned in 00mn 00s

    ---\\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][17/08/2009] (...) -- C:\ProgramData\FullRemove.exe [131368]
    [MD5.FFB1E0D8C849B301B163B12563086BA1] [SPRF][11/02/2012] (...) -- C:\Users\maissane\AppData\Roaming\wklnhst.dat [530]
    [MD5.96030AE285C32ECCD1C599F1C5DD2BEF] [SPRF][04/10/2013] (...) -- C:\Users\maissane\Desktop\AdwCleaner_1.606_En.exe [581957]
    [MD5.972032F9CA03B3DA1EF34E3E9BD43F71] [SPRF][27/10/2013] (.FLVMPlayer - FLV Media Player Setup.) -- C:\Users\maissane\Desktop\FLVMPlayer.exe [4953944]
    ~ Files: 5 Legitimates Filtered in 00mn 01s

    ---\\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 - PUC: "9EE58E3C298524145B73CBBED3CAC4D3" . (.Internet Explorer Toolbar 4.6 by SweetPacks.) -- C:\windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}\ARPPRODUCTICON.exe =>PUP.SweetIM
    ~ Update Products: 110 Legitimates Filtered in 00mn 00s

    ---\\ Export de clés de registre aléatoires (O91)
    [HKCU\Software\5e55dcd9b76eb940\2.6.1694.246\upd]:="upd="
    [HKCU\Software\5e55dcd9b76eb940\2.7.1769.27\upd]:="upd="
    [HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:dllName="BitGuard.dll" =>PUP.BitGuard
    [HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:exeName="BitGuard.exe" =>PUP.BitGuard
    [HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:folderName="BitGuard" =>PUP.BitGuard
    [HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:guid="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
    [HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:serviceName="BitGuard" =>PUP.BitGuard
    [HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:version="2.6.1673.238" =>Hijacker.Eazel
    [HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:dllName="BitGuard.dll" =>PUP.BitGuard
    [HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:exeName="BitGuard.exe" =>PUP.BitGuard
    [HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:folderName="BitGuard" =>PUP.BitGuard
    [HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:guid="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
    [HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:serviceName="BitGuard" =>PUP.BitGuard
    [HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:version="2.6.1694.246" =>Hijacker.Eazel
    [HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
    [HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52"
    [HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
    [HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80"
    [HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
    [HKCU\Software\5e55dcd9b76eb940\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:version="2.6.1249.132"
    [HKCU\Software\5e55dcd9b76eb940] =>Toolbar.Babylon^
    [HKCU\Software\5e55dcd9b76eb940]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ=="
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs="
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs="
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs="
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y"
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA=="
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs="
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A=="
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y"
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj"
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
    [HKCU\Software\5e55dcd9b76eb940]:HPCHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
    [HKCU\Software\5e55dcd9b76eb940]:HPFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
    [HKCU\Software\5e55dcd9b76eb940]:HPFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
    [HKCU\Software\5e55dcd9b76eb940]:HPFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
    [HKCU\Software\5e55dcd9b76eb940]:HPFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
    [HKCU\Software\5e55dcd9b76eb940]:HPFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
    [HKCU\Software\5e55dcd9b76eb940]:HPFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
    [HKCU\Software\5e55dcd9b76eb940]:HPFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
    [HKCU\Software\5e55dcd9b76eb940]:HPFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
    [HKCU\Software\5e55dcd9b76eb940]:HPFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
    [HKCU\Software\5e55dcd9b76eb940]:HPFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ=="
    [HKCU\Software\5e55dcd9b76eb940]:HPFFREGEXP19="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tQErZ7DtYJweyl/WTcdvz1SHs="
    [HKCU\Software\5e55dcd9b76eb940]:HPFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
    [HKCU\Software\5e55dcd9b76eb940]:HPFFREGEXP20="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BXFa57DtYJweyl/WTcdvz1SHs="
    [HKCU\Software\5e55dcd9b76eb940]:HPFFREGEXP21="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tWErh7DtYJweyl/WTcdvz1SHs="
    [HKCU\Software\5e55dcd9b76eb940]:HPFFREGEXP22="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4BJDb57DtUNx/uau1udeL2y"
    [HKCU\Software\5e55dcd9b76eb940]:HPFFREGEXP23="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xMCbJVf4gcwfmjyRaRev62TA=="
    [HKCU\Software\5e55dcd9b76eb940]:HPFFREGEXP24="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41WAbh7DtYJweyl/WTcdvz1SHs="
    [HKCU\Software\5e55dcd9b76eb940]:HPFFREGEXP25="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr59cC6RITcQA/LOk51eFZvbqOn8agH+n2A=="
    [HKCU\Software\5e55dcd9b76eb940]:HPFFREGEXP26="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4JYAYsKUNEN0uqau1udeL2y"
    [HKCU\Software\5e55dcd9b76eb940]:HPFFREGEXP27="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4pXEbZJQMAI/LO18FmAdvvESDIWgjyj"
    [HKCU\Software\5e55dcd
    0