~ Rapport de ZHPDiag v2013.10.23.60 - Nicolas Coolman  (23/10/2013)
~ Lancé par lenovo (23/10/2013 14:39:08)
~ Adresse du Site Web  http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version : 
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Home Premium Edition, 64-bit  (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : QV3HT
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Windows Defender W8

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer
µTorrent v2.2.1 =>P2P.µTorrent

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI

---\\ Informations sur le système
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3673 MB (46% free)
System Restore: Activé (Enable)
System drive C: has 800 GB (88%) free of 905 GB

---\\ Mode de connexion au système
~ Computer Name: IDEA-PC
~ User Name: lenovo
~ All Users Names: lenovo, Administrateur, 
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\lenovo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\lenovo\AppData\Roaming\
~ %Desktop% : C:\Users\lenovo\Desktop\
~ %Favorites% : C:\Users\lenovo\Favorites\
~ %LocalAppData% : C:\Users\lenovo\AppData\Local\
~ %StartMenu% : C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 800 Go of 905 Go)
D: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/09/2013 - 23:55:10.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/87
~ Mes Favoris (My Favorites) : 1/174
~ Mes Documents (My Documents) : 2/57
~ Mon Bureau (My Desktop) : 1/1044
~ Menu demarrer (Programs) : 1/38
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processus lancés
[MD5.1B07F39196646E0EC91C82A2D7228FA4] - (.Systweak - Advanced System Protector.) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe   [6588272] [PID.1644]  =>PUP.AdvancedSystemProtector
[MD5.1F6BA41827A6262F668B436B6A5D9317] - (.Lenovo - Lenovo Black Silk USB Keyboard.) -- C:\Windows\jmesoft\hotkey.exe   [118784] [PID.2940]
[MD5.A1741C3B79F9DF8895E05EF43579E74B] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe   [136488] [PID.2984]
[MD5.79EDDBCBFFC23585BC1495AFC03CC4D7] - (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe   [167024] [PID.3008]
[MD5.0B427D9943C838620AFA30CBB24A6D77] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe   [103720] [PID.3040]
[MD5.B7995C675014EEBE77A0BEB7AFCCFC08] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe   [91432] [PID.2172]
[MD5.00AB2B491C7037BB219BEB26FAD34C72] - (.CANON INC. - Canon Solution Menu EX.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.exe   [1612920] [PID.1980]
[MD5.5F7EE76129F9A591F22F99F95D97AC95] - (.CANON INC. - Canon IJ Network Scanner Selector EX.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe   [452016] [PID.2268]
[MD5.349AB4F70E2AC44970894E7F03E1576E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe   [236384] [PID.2744]
[MD5.C849445FF9F85A2A58E38E105518B64A] - (.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.exe   [1074736] [PID.2808]  =>Adware.IMBooster
[MD5.CC3FDEF742497F1F019B9B852980570D] - (.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe   [884784] [PID.2956]  =>Adware.IMBooster
[MD5.1BF9D6476061B31CD7FC2BF848529A56] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe   [144368] [PID.2924]
[MD5.8334E5088E74401490001EF65E07CAC5] - (.CANON INC. - Canon Solution Menu EX Updater.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.exe   [593032] [PID.3284]
[MD5.E4F6125ED5185F8FA37CC4F449B85526] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe   [770608] [PID.1812]
[MD5.5EA49FEC17CB6505ACFCD12F15E69459] - (.PassWizard - ElectroLyrics-16 exe.) -- C:\program files (x86)\electrolyrics-16\electrolyrics-16-bg.exe   [748544] [PID.4552]  =>Adware.AddLyrics
[MD5.05339393450FB96031CA2BF8F8FC18E0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8121856] [PID.1876]
~ Processes Running:  Scanned in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com =>Hijacker.Qone8
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com =>Hijacker.Qone8
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com =>Hijacker.Qone8
R3 - URLSearchHook: uTorrentBar_FR Toolbar [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) (6.14.0.28) -- C:\Program Files (x86)\uTorrentBar_FR\prxtbuTor.dll =>Toolbar.Conduit
~ IE Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: uTorrentBar_FR [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\uTorrentBar_FR\prxtbuTor.dll =>Toolbar.Conduit
O2 - BHO: CrossriderApp0044152 [64Bits] - {11111111-1111-1111-1111-110411411152} . (.PassWizard - ElectroLyrics-16 BHO.) -- C:\Program Files (x86)\ElectroLyrics-16\ElectroLyrics-16-bho.dll =>Adware.AddLyrics
O2 - BHO: Whilokii [64Bits] - {204df522-9a96-4a72-abb0-60f7a216d6d2} . (.Whilokii - Whilokii.) -- C:\Program Files (x86)\Whilokii\Whilokiibho.dll =>PUP.Whilokii
O2 - BHO: IMinent WebBooster [64Bits] - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} . (.Iminent - Iminent BHO.) -- C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll =>Adware.IMBooster
O2 - BHO: Wajam IE BHO [64Bits] - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} . (.Wajam - Wajam Internet Explorer Add-on.) -- C:\Program Files (x86)\Wajam\IE\priam_bho.dll =>Toolbar.Wajam
~ BHO: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} Clé orpheline
~ Toolbar:  Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Advanced System Protector.lnk . (.Systweak - Advanced System Protector.)  -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe =>PUP.AdvancedSystemProtector
O4 - GS\Desktop [Public]: Canon MG5300 series Manuel en ligne.lnk . (.CANON INC. - Easy Guide Viewer.)  -- C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe 
O4 - GS\Desktop [Public]: Client PRONOTE 2013.lnk . (...)  -- C:\Program Files (x86)\Index Education\Pronote 2013\Réseau\Client PRONOTE 2013.exe
O4 - GS\Desktop [Public]: FlvPlayer.lnk . (...)  -- C:\Program Files (x86)\FlvPlayer\FLVPlayerApp.exe
O4 - GS\Desktop [Public]: FreeRide Games.lnk - Clé orpheline
O4 - GS\Desktop [Public]: Garmin Express.lnk . (.Garmin - Express.)  -- C:\Program Files (x86)\Garmin\Express\Express.exe  =>.Garmin Corporation
O4 - GS\Desktop [Public]: Hotspot 3G+ BTelecom.lnk - Clé orpheline
O4 - GS\Desktop [Public]: Pinnacle Studio 14.lnk . (.Pinnacle Systems - Studio program file.)  -- C:\Program Files (x86)\Pinnacle\Studio 14\Programs\Studio.exe 
O4 - GS\Desktop [Public]: RegClean Pro.lnk . (.Systweak Inc - RegClean Pro.)  -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe =>Rogue.RegistryPowerCleaner
O4 - GS\Desktop [Public]: VDownloader.lnk . (.Vitzo - VDownloader.)  -- C:\Program Files\VDownloader\VDownloader.exe 
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.)  -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\QuickLaunch [lenovo]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com =>Hijacker.Qone8
O4 - GS\QuickLaunch [lenovo]: Pinnacle Studio 14.lnk . (.Pinnacle Systems - Studio program file.)  -- C:\Program Files (x86)\Pinnacle\Studio 14\Programs\Studio.exe 
O4 - GS\QuickLaunch [lenovo]: VDownloader.lnk . (.Vitzo - VDownloader.)  -- C:\Program Files\VDownloader\VDownloader.exe 
O4 - GS\QuickLaunch [lenovo]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.)  -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [lenovo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com =>Hijacker.Qone8
O4 - GS\Program [lenovo]: Lollipop.lnk . (...)  -- C:\Users\lenovo\AppData\Local\Lollipop\Lollipop.exe =>Adware.Lollipop
O4 - GS\Program [lenovo]: Ordinateur.lnk - Clé orpheline
O4 - GS\Desktop [lenovo]: année 2013 - Raccourci.lnk . (...)  -- C:\serge fichier\compte\année 2013 
O4 - GS\Desktop [lenovo]: Fichiers d’installation Norton.lnk . (...)  -- C:\Users\Public\Downloads\Norton\{N360P_prod_1.6.18_5.1.0.29} 
O4 - GS\Desktop [lenovo]: MyPC Backup.lnk . (.MyPCBackup.com - MyPC Backup.)  -- C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe =>PUP.MyPCBackup
~ Global Startup: 70 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [lenovo]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.)  -- C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe 
O4 - GS\Startup [lenovo]: MyPC Backup.lnk . (.MyPCBackup.com - MyPC Backup.)  -- C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe =>PUP.MyPCBackup
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe  =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe 
O4 - HKLM\..\Run: [VDownloader] . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe 
O4 - HKCU\..\Run: [Mobile Partner] Clé orpheline 
O4 - HKCU\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd or its subsidiaries - Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe 
O4 - HKCU\..\Run: [Software updater] . (...) -- C:\Users\lenovo\AppData\Roaming\FreeSoftwareUpdater\updater.exe =>PUP.Eorezo
O4 - HKLM\..\Wow6432Node\Run: [Dolby Advanced Audio v2] . (.Dolby Laboratories Inc. - Dolby Profile Selector.) -- C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe 
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe  =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [jmekey] . (.Lenovo - Lenovo Black Silk USB Keyboard.) -- C:\WINDOWS\jmesoft\hotkey.exe 
O4 - HKLM\..\Wow6432Node\Run: [jmesoft] . (...) -- C:\Windows\jmesoft\ServiceLoader.exe 
O4 - HKLM\..\Wow6432Node\Run: [YouCam Mirage] . (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe 
O4 - HKLM\..\Wow6432Node\Run: [YouCam Tray] . (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe 
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe 
O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe 
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe 
O4 - HKLM\..\Wow6432Node\Run: [Intel AppUp(SM) center] . (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe 
O4 - HKLM\..\Wow6432Node\Run: [CanonSolutionMenuEx] . (.CANON INC. - Canon Solution Menu EX.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.exe 
O4 - HKLM\..\Wow6432Node\Run: [IJNetworkScannerSelectorEX] . (.CANON INC. - Canon IJ Network Scanner Selector EX.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe 
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe  =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [Iminent] . (.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.exe =>Adware.IMBooster
O4 - HKLM\..\Wow6432Node\Run: [IminentMessenger] . (.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe =>Adware.IMBooster
O4 - HKUS\S-1-5-21-814653139-1448273675-3706875375-1002\..\Run: [Mobile Partner] Clé orpheline 
O4 - HKUS\S-1-5-21-814653139-1448273675-3706875375-1002\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd or its subsidiaries - Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe 
O4 - HKUS\S-1-5-21-814653139-1448273675-3706875375-1002\..\Run: [Software updater] . (...) -- C:\Users\lenovo\AppData\Roaming\FreeSoftwareUpdater\updater.exe =>PUP.Eorezo
~ Application:  Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{08C06401-7F09-47D0-8F5A-4EEC0DE019CF}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{D531E69B-DB7A-40D9-9E83-B6B3ADDEFEF4}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2D8CCF6-5CD1-4CF7-A225-C66CF493FAB5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{08C06401-7F09-47D0-8F5A-4EEC0DE019CF}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2D8CCF6-5CD1-4CF7-A225-C66CF493FAB5}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{08C06401-7F09-47D0-8F5A-4EEC0DE019CF}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{D531E69B-DB7A-40D9-9E83-B6B3ADDEFEF4}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F2D8CCF6-5CD1-4CF7-A225-C66CF493FAB5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{08C06401-7F09-47D0-8F5A-4EEC0DE019CF}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{F2D8CCF6-5CD1-4CF7-A225-C66CF493FAB5}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain:  Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll  =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) . (.Just Develop It - Backup Stack.) - C:\Program Files (x86)\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup
O23 - Service: Service BonanzaDealsLive (bonanzadealsli (bonanzadealslive) . (.BonanzaDeals - BonanzaDealsLive Update.) - C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe =>Adware.BonanzaDeals
O23 - Service: JME Keyboard Driver (JME Keyboard) . (...) - C:\Windows\jmesoft\Service.exe
O23 - Service: Mise à jour automatique - Index Educatio (MajIndexEducationService) . (...) - C:\Program Files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe
O23 - Service: SProtection (SProtection) . (.Iminent - Iminent Protection.) - C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe =>Adware.IMBooster
O23 - Service: Update Whilokii (Update Whilokii) . (.Whilokii - Whilokii.) - C:\Program Files (x86)\Whilokii\updateWhilokii.exe =>PUP.Whilokii
O23 - Service: WajamUpdaterV2 (WajamUpdaterV2) . (.Wajam - Auto-updater.) - C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV2.exe =>Toolbar.Wajam
~ Services: 17 Legitimates Filtered in 00mn 16s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\AmiUpdXp.job   [360] =>PUP.Software.Updater
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job   [938] =>Adware.BonanzaDeals
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job   [942] =>Adware.BonanzaDeals
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\ElectroLyrics-16-chromeinstaller.job   [2004] =>Adware.AddLyrics
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\ElectroLyrics-16-codedownloader.job   [1288] =>Adware.AddLyrics
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\ElectroLyrics-16-enabler.job   [1188] =>Adware.AddLyrics
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\ElectroLyrics-16-firefoxinstaller.job   [1930] =>Adware.AddLyrics
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\ElectroLyrics-16-updater.job   [1382] =>Adware.AddLyrics
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\RegClean Pro_DEFAULT.job   [294] =>Rogue.RegistryPowerCleaner
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\RegClean Pro_UPDATES.job   [302] =>Rogue.RegistryPowerCleaner
[MD5.1B07F39196646E0EC91C82A2D7228FA4] [APT] [Advanced System Protector_startup] (.Systweak.) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe   [6588272]  =>PUP.AdvancedSystemProtector
[MD5.9F2041F1EC121713D0BD9996CE97D03E] [APT] [BonanzaDealsLiveUpdateTaskMachineCore] (.BonanzaDeals.) -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe   [148976]  =>Adware.BonanzaDeals
[MD5.9F2041F1EC121713D0BD9996CE97D03E] [APT] [BonanzaDealsLiveUpdateTaskMachineUA] (.BonanzaDeals.) -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe   [148976]  =>Adware.BonanzaDeals
[MD5.5826462E5834594A81E0397A097B5D3E] [APT] [BonanzaDealsUpdate] (.BonanzaDealsUpdate.) -- C:\Program Files (x86)\BonanzaDeals\BonanzaDealsUpdate.exe   [78384]  =>Adware.BonanzaDeals
[MD5.C34968C46A99BBD6248D30F9F1B778C2] [APT] [BoxSoftwareUpdate] (...) -- C:\ProgramData\BoxUpdChk\updchk.exe   [177152]
[MD5.443730470E8819C168B49860CD4AF211] [APT] [ElectroLyrics-16-chromeinstaller] (.PassWizard.) -- C:\Program Files (x86)\ElectroLyrics-16\ElectroLyrics-16-chromeinstaller.exe   [471040]  =>Adware.AddLyrics
[MD5.11D59334D94E98E673493353DEE929EF] [APT] [ElectroLyrics-16-codedownloader] (.PassWizard.) -- C:\Program Files (x86)\ElectroLyrics-16\ElectroLyrics-16-codedownloader.exe   [493056]  =>Adware.AddLyrics
[MD5.AA8E6DDBE02602B21772D9B8A8F5FFE0] [APT] [ElectroLyrics-16-enabler] (.PassWizard.) -- C:\Program Files (x86)\ElectroLyrics-16\ElectroLyrics-16-enabler.exe   [354816]  =>Adware.AddLyrics
[MD5.FC066EBC1EE9899BF789489DAA649B38] [APT] [ElectroLyrics-16-firefoxinstaller] (.PassWizard.) -- C:\Program Files (x86)\ElectroLyrics-16\ElectroLyrics-16-firefoxinstaller.exe   [732160]  =>Adware.AddLyrics
[MD5.1D59592A146922D6AED743DA87FEB838] [APT] [ElectroLyrics-16-updater] (.PassWizard.) -- C:\Program Files (x86)\ElectroLyrics-16\ElectroLyrics-16-updater.exe   [364544]  =>Adware.AddLyrics
[MD5.528E572D2C91051920F43208A91E7260] [APT] [RegClean Pro] (.Systweak Inc.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe   [7871832]  =>Rogue.RegistryPowerCleaner
[MD5.528E572D2C91051920F43208A91E7260] [APT] [RegClean Pro_DEFAULT] (.Systweak Inc.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe   [7871832]  =>Rogue.RegistryPowerCleaner
[MD5.528E572D2C91051920F43208A91E7260] [APT] [RegClean Pro_UPDATES] (.Systweak Inc.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe   [7871832]  =>Rogue.RegistryPowerCleaner
~ Scheduled Task: 40 Legitimates Filtered in 00mn 11s



---\\ Logiciels installés (O42)
O42 - Logiciel: Advanced System Protector - (.Systweak Software.) [HKLM][64Bits] -- 00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 =>PUP.AdvancedSystemProtector
O42 - Logiciel: Bonanza Deals (remove only) - (.Bonanza Deals.) [HKLM][64Bits] -- Bonanza Deals =>Adware.BonanzaDeals
O42 - Logiciel: BrowserProtect - (.Bit89 Inc.) [HKLM][64Bits] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>Hijacker.Eazel
O42 - Logiciel: Comparing - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- InstallShield_{8099BF30-92FF-4878-A7BC-7372E126EBE9}
O42 - Logiciel: Comparing - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- {8099BF30-92FF-4878-A7BC-7372E126EBE9}
O42 - Logiciel: DomaIQ - (.Tuguu SLU.) [HKLM][64Bits] -- DomaIQ Uninstaller =>Adware.DomaIQ
O42 - Logiciel: ElectroLyrics-16 - (.PassWizard.) [HKLM][64Bits] -- ElectroLyrics-16 =>Adware.AddLyrics
O42 - Logiciel: Find the Differences - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- InstallShield_{65F9B587-24A7-466A-999A-9C5F9D452400}
O42 - Logiciel: Find the Differences - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- {65F9B587-24A7-466A-999A-9C5F9D452400}
O42 - Logiciel: Finding the Letters - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}
O42 - Logiciel: Finding the Letters - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- {535FB733-FFCF-4460-8694-664A2F6C53B4}
O42 - Logiciel: FreeRide Games - (.Exent Technologies.) [HKLM][64Bits] -- {6C26A305-4549-4A8A-9F03-25719C03B0FB}
O42 - Logiciel: Fruits - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}
O42 - Logiciel: Fruits - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- {AA39BFDE-71E5-46A6-A10B-44C2F45A341E}
O42 - Logiciel: Iminent - (.Iminent.) [HKLM][64Bits] -- IMBoosterARP =>Adware.IMBooster
O42 - Logiciel: Iminent - (.Iminent.) [HKLM][64Bits] -- {89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00} =>Adware.IMBooster
O42 - Logiciel: Lollipop - (.Lollipop Network, S.L..) [HKCU][64Bits] -- lollipop =>Adware.Lollipop
O42 - Logiciel: Mammals - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- InstallShield_{ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}
O42 - Logiciel: Mammals - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- {ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}
O42 - Logiciel: Matching Roles - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}
O42 - Logiciel: Matching Roles - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- {92736E44-7608-4D80-9333-E40C82B7E8B3}
O42 - Logiciel: MyPC Backup  - (.MyPC Backup.) [HKLM][64Bits] -- MyPC Backup =>PUP.MyPCBackup
O42 - Logiciel: RegClean Pro - (.Systweak Inc.) [HKLM][64Bits] -- RegClean Pro_is1 =>Rogue.RegistryPowerCleaner
O42 - Logiciel: Wajam - (.Wajam.) [HKLM][64Bits] -- Wajam =>Toolbar.Wajam
O42 - Logiciel: Whilokii 1.0.0 - (.Whilokii.) [HKLM][64Bits] -- Whilokii =>PUP.Whilokii
O42 - Logiciel: timer - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}
O42 - Logiciel: timer - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- {9CC4B8EE-A96B-4800-B674-0CF8B4560F45}
~ Logic: 140 Legitimates Filtered in 00mn 03s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BI]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\BonanzaDealsLive] =>Adware.BonanzaDeals
[HKCU\Software\BonanzaDeals] =>Adware.BonanzaDeals
[HKCU\Software\Boxore] =>Adware.Boxore
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\InstalledThirdPartyPrograms]
[HKCU\Software\Wajam] =>Toolbar.Wajam
[HKCU\Software\Whilokii] =>PUP.Whilokii
[HKCU\Software\ee8bdcb539bf49]
[HKLM\Software\DomaIQ] =>Adware.DomaIQ
[HKLM\Software\InstalledThirdPartyPrograms]
[HKLM\Software\Wow6432Node\Babylon] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\BonanzaDealsLive] =>Adware.BonanzaDeals
[HKLM\Software\Wow6432Node\BonanzaDeals] =>Adware.BonanzaDeals
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\DeltaT]
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Umbrella]
[HKLM\Software\Wow6432Node\Whilokii] =>PUP.Whilokii
[HKLM\Software\Wow6432Node\ee8bdcb539bf49]
~ Key Software: 237 Legitimates Filtered in 00mn 03s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 23/10/2013 - 13:21:20 - [18,372] ----D C:\Program Files (x86)\Advanced System Protector =>PUP.AdvancedSystemProtector
O43 - CFD: 23/10/2013 - 13:20:08 - [1,069] ----D C:\Program Files (x86)\BonanzaDeals =>Adware.BonanzaDeals
O43 - CFD: 23/10/2013 - 13:20:35 - [3,750] ----D C:\Program Files (x86)\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 21/09/2013 - 17:32:51 - [0,883] ----D C:\Program Files (x86)\Conduit
O43 - CFD: 22/10/2013 - 16:25:56 - [8,372] ----D C:\Program Files (x86)\ElectroLyrics-16 =>Adware.AddLyrics
O43 - CFD: 16/10/2012 - 03:28:04 - [14,753] ----D C:\Program Files (x86)\FreeRide Games
O43 - CFD: 20/03/2013 - 21:25:36 - [12,286] ----D C:\Program Files (x86)\Hotspot 3G+ BTelecom
O43 - CFD: 22/04/2013 - 18:00:54 - [17,565] ----D C:\Program Files (x86)\Iminent =>Adware.IMBooster
O43 - CFD: 23/10/2013 - 13:21:06 - [27,154] ----D C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 23/10/2013 - 13:20:13 - [14,401] ----D C:\Program Files (x86)\RegClean Pro =>Rogue.RegistryPowerCleaner
O43 - CFD: 22/10/2013 - 16:28:13 - [0,714] ----D C:\Program Files (x86)\Wajam =>Toolbar.Wajam
O43 - CFD: 23/10/2013 - 13:21:35 - [0,509] ----D C:\Program Files (x86)\Whilokii =>PUP.Whilokii
O43 - CFD: 04/09/2013 - 14:17:54 - [2,732] ----D C:\Program Files (x86)\Common Files\Umbrella
O43 - CFD: 18/04/2013 - 07:48:48 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 23/10/2013 - 13:20:35 - [0,053] ----D C:\ProgramData\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 18/10/2013 - 19:15:00 - [0,169] ----D C:\ProgramData\BoxUpdChk
O43 - CFD: 22/04/2013 - 17:59:12 - [0,085] ----D C:\ProgramData\BrowserProtect =>Hijacker.Eazel
O43 - CFD: 17/10/2013 - 18:02:44 - [0] ----D C:\ProgramData\eSafe =>PUP.eSafeSecurity
O43 - CFD: 16/10/2012 - 03:28:20 - [768,996] ----D C:\ProgramData\FreeRide Games
O43 - CFD: 22/04/2013 - 18:00:06 - [0,030] ----D C:\ProgramData\Iminent =>Adware.IMBooster
O43 - CFD: 18/04/2013 - 07:48:48 - [0,025] ----D C:\Users\lenovo\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 22/04/2013 - 18:00:14 - [0,016] ----D C:\Users\lenovo\AppData\Roaming\Iminent =>Adware.IMBooster
O43 - CFD: 23/10/2013 - 13:20:35 - [0] ----D C:\Users\lenovo\AppData\Local\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 21/09/2013 - 17:32:21 - [0,083] ----D C:\Users\lenovo\AppData\Local\Conduit
O43 - CFD: 22/10/2013 - 16:24:50 - [1,906] ----D C:\Users\lenovo\AppData\Local\Lollipop =>Adware.Lollipop
O43 - CFD: 22/10/2013 - 16:24:30 - [0,278] ----D C:\Users\lenovo\AppData\Local\SwvUpdater =>PUP.Software.Updater
O43 - CFD: 23/10/2013 - 13:20:08 - [0,001] ----D C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals =>Adware.BonanzaDeals
O43 - CFD: 22/04/2013 - 17:59:15 - [0,001] ----D C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect =>Hijacker.Eazel
O43 - CFD: 22/10/2013 - 16:27:45 - [0,002] ----D C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 22/10/2013 - 16:28:06 - [0,001] ----D C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam =>Toolbar.Wajam
~ Program Folder: 182 Legitimates Filtered in 00mn 11s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.6A4B9FBC1E88C400AD671A50DADFA84D] - 19/10/2013 - 08:32:38 ---A- . (...) -- C:\Windows\SysNative\ApnDatabase.xml   [386923]
O44 - LFC:[MD5.6A4B9FBC1E88C400AD671A50DADFA84D] - 19/10/2013 - 08:32:38 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml   [386923]
O44 - LFC:[MD5.27812D8E0D1A1AAEE47189A4B4AB0CF0] - 23/10/2013 - 12:20:15 ---A- . (.Systweak Inc., (www.systweak.com) - Regclean Pro.) -- C:\Windows\SysNative\roboot64.exe   [20312]  =>Rogue.RegistryPowerCleaner
O44 - LFC:[MD5.27812D8E0D1A1AAEE47189A4B4AB0CF0] - 23/10/2013 - 12:20:15 ---A- . (.Systweak Inc., (www.systweak.com) - Regclean Pro.) -- C:\Windows\System32\roboot64.exe   [20312]  =>Rogue.RegistryPowerCleaner
O44 - LFC:[MD5.CB8572E790FCE09714143741C20E9934] - 23/10/2013 - 12:21:12 ---A- . (...) -- C:\Windows\SysNative\sasnative64.exe   [16896]
O44 - LFC:[MD5.CB8572E790FCE09714143741C20E9934] - 23/10/2013 - 12:21:12 ---A- . (...) -- C:\Windows\System32\sasnative64.exe   [16896]
~ Files: 107 Legitimates Filtered in 00mn 16s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.7ADD47CAB31CBA2E5DC818FBC8B88B01] - 10/10/2013 - 12:57:27 ---A- - C:\Windows\Prefetch\NARRATOR.EXE-999B1364.pf
O45 - LFCP:[MD5.BA32DBEAF802EBF396483B237ED0F90E] - 16/10/2013 - 06:00:16 ---A- - C:\Windows\Prefetch\DISCDRPL.EXE-C29EE1F2.pf
O45 - LFCP:[MD5.D0F6453043DE94272C15CA969F8CC183] - 17/10/2013 - 09:25:58 ---A- - C:\Windows\Prefetch\CLIENT PRONOTE 2013.EXE-B5A4BA16.pf
O45 - LFCP:[MD5.2E67614E1EC9142B9BA4F20B67BB5E8E] - 17/10/2013 - 18:16:02 ---A- - C:\Windows\Prefetch\PRICEPEEP_50001_1001.EXE-4903F4F6.pf  =>Adware.PricePeep
O45 - LFCP:[MD5.B1265D35074ECEED426E28D12B3F615C] - 19/10/2013 - 13:24:34 ---A- - C:\Windows\Prefetch\MPNEX50.EXE-8CFE4E88.pf
O45 - LFCP:[MD5.FC1A2B650E1BF7C49C2E75FCD9824407] - 20/10/2013 - 16:06:47 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-2317E498.pf
O45 - LFCP:[MD5.6DA33FD4395C5660CEB5751261034BB0] - 20/10/2013 - 16:25:37 ---A- - C:\Windows\Prefetch\SUPPORT.EXE-B4B03CCA.pf
O45 - LFCP:[MD5.08FA6EA4044029E4727240CADBD4BE65] - 20/10/2013 - 16:26:51 ---A- - C:\Windows\Prefetch\POWERSHELL.EXE-3A393AF1.pf
O45 - LFCP:[MD5.54AEC93E067DCCDB71F187B6ABACB689] - 22/10/2013 - 15:28:08 ---A- - C:\Windows\Prefetch\WAJAM_DOWNLOAD.EXE-D4A81A0A.pf  =>Toolbar.Wajam
O45 - LFCP:[MD5.E7DD8BF0E27E1830C4DA5CAE7D6D1782] - 23/09/2013 - 18:23:08 ---A- - C:\Windows\Prefetch\KEYGEN.EXE-A3E637DB.pf
O45 - LFCP:[MD5.1F319BCAC72420A9910E18621AB3E7E3] - 23/10/2013 - 07:41:50 ---A- - C:\Windows\Prefetch\HOTSPOT 3G+ BTELECOM.EXE-61AF903A.pf
O45 - LFCP:[MD5.DBC6968A2E5BE6FDB6A7661378DD6E49] - 23/10/2013 - 07:42:17 ---A- - C:\Windows\Prefetch\LOLLIPOP.EXE-DAA07647.pf  =>Adware.Lollipop
O45 - LFCP:[MD5.A8817E62652AADF9B8B381395F4A01EA] - 23/10/2013 - 07:42:19 ---A- - C:\Windows\Prefetch\SERVICELOADER.EXE-48A6A7B5.pf
O45 - LFCP:[MD5.C38CA26F76E9E546A3514041F7318416] - 23/10/2013 - 07:42:19 ---A- - C:\Windows\Prefetch\YCMMIRAGE.EXE-C771F7B7.pf
O45 - LFCP:[MD5.93EF792FAC731C4C1E3027A007C1C1A1] - 23/10/2013 - 07:42:23 ---A- - C:\Windows\Prefetch\MYPC BACKUP.EXE-EFC95E5E.pf  =>PUP.MyPCBackup
O45 - LFCP:[MD5.ADDAAB9E513626E796AA83244566B20B] - 23/10/2013 - 07:42:23 ---A- - C:\Windows\Prefetch\PCEE4.EXE-EAB9EBB7.pf
O45 - LFCP:[MD5.3579088CCFC101FDB4AD9972491DAFD2] - 23/10/2013 - 07:42:28 ---A- - C:\Windows\Prefetch\HOTKEY.EXE-1A4DAE11.pf
O45 - LFCP:[MD5.E8DFC02341552E7D372743111036113B] - 23/10/2013 - 07:42:31 ---A- - C:\Windows\Prefetch\JME_LOAD.EXE-6522D6DC.pf
O45 - LFCP:[MD5.1159160DD17328CE64740488F08961E9] - 23/10/2013 - 07:42:31 ---A- - C:\Windows\Prefetch\YOUCAMTRAY.EXE-42C78E37.pf
O45 - LFCP:[MD5.76B0F70D27D0A36EC985D3894263F7E3] - 23/10/2013 - 07:42:36 ---A- - C:\Windows\Prefetch\CNMNSST.EXE-9F2304D6.pf
O45 - LFCP:[MD5.C09B0435D3429BBB3FD53253518C10BA] - 23/10/2013 - 07:42:39 ---A- - C:\Windows\Prefetch\IMINENT.EXE-3AC0CE80.pf  =>Adware.IMBooster
O45 - LFCP:[MD5.BDE9A5292C0FD40892AF8DA703F7EB4A] - 23/10/2013 - 07:42:45 ---A- - C:\Windows\Prefetch\IMINENT.MESSENGERS.EXE-C60CFCC2.pf  =>Adware.IMBooster
O45 - LFCP:[MD5.37882DB200C5C8731C7CA654577D4845] - 23/10/2013 - 09:25:01 ---A- - C:\Windows\Prefetch\ELECTROLYRICS-16-CODEDOWNLOAD-28A56BBB.pf  =>Adware.AddLyrics
O45 - LFCP:[MD5.B978731A456A689BFA5BBE12B2F3F102] - 23/10/2013 - 09:25:03 ---A- - C:\Windows\Prefetch\ELECTROLYRICS-16-CHROMEINSTAL-FF23FC35.pf  =>Adware.AddLyrics
O45 - LFCP:[MD5.3A19ECBE0A94029626672B644E608BA3] - 23/10/2013 - 11:50:27 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.9FEF111C3E1AEBA7A6DA2D6517EA0D4C] - 23/10/2013 - 12:19:39 ---A- - C:\Windows\Prefetch\WAJAM_VALIDATE.EXE-6E07A0E4.pf  =>Toolbar.Wajam
O45 - LFCP:[MD5.683D2B0A27DDCBE74E6FACBED56AB8FA] - 23/10/2013 - 12:23:01 ---A- - C:\Windows\Prefetch\720489~1.EXE-CBF0A0CB.pf
O45 - LFCP:[MD5.8CBDA9B09E6D30FCF6C09C90D072A193] - 23/10/2013 - 12:23:01 ---A- - C:\Windows\Prefetch\BD.EXE-2851DE82.pf
O45 - LFCP:[MD5.9CBF8C6805758A2B6932268747918D09] - 23/10/2013 - 12:23:01 ---A- - C:\Windows\Prefetch\DOKOTB.EXE-8606DF90.pf
O45 - LFCP:[MD5.095A2D3276C341F80C1D8BA8E426E727] - 23/10/2013 - 13:08:00 ---A- - C:\Windows\Prefetch\BACKUPSTACK.EXE-60DC9FD7.pf  =>PUP.MyPCBackup
O45 - LFCP:[MD5.478FB9A69D8570440462FC3FFEB7DE93] - 23/10/2013 - 13:08:00 ---A- - C:\Windows\Prefetch\ELECTROLYRICS-16-ENABLER.EXE-05D2A936.pf  =>Adware.AddLyrics
O45 - LFCP:[MD5.D47860D3447AA71C929A1659811D36D2] - 23/10/2013 - 13:08:00 ---A- - C:\Windows\Prefetch\ELECTROLYRICS-16-FIREFOXINSTA-B2662176.pf  =>Adware.AddLyrics
O45 - LFCP:[MD5.F3F9BA054FAFB921DD96E3FB36822B75] - 23/10/2013 - 13:09:29 ---A- - C:\Windows\Prefetch\BONANZADEALSLIVEHANDLER.EXE-EEF0C838.pf  =>Adware.BonanzaDeals
O45 - LFCP:[MD5.FF614537C65630FAFAB842FE3C2FEF72] - 23/10/2013 - 13:15:59 ---A- - C:\Windows\Prefetch\ELECTROLYRICS-16-BUTTONUTIL64-FB05B2A5.pf  =>Adware.AddLyrics
O45 - LFCP:[MD5.EBD7AE7807638A10E38EF48C0D3EDDB4] - 23/10/2013 - 13:16:10 ---A- - C:\Windows\Prefetch\ELECTROLYRICS-16-BG.EXE-E0A91DD6.pf  =>Adware.AddLyrics
O45 - LFCP:[MD5.7D444AA5B4C174371FDA693586693DCB] - 23/10/2013 - 13:25:45 ---A- - C:\Windows\Prefetch\CNMXPVAT.EXE-1D939769.pf
O45 - LFCP:[MD5.2EF082DFF887D47714C20BE4543AE5F2] - 23/10/2013 - 13:26:02 ---A- - C:\Windows\Prefetch\BONANZADEALSLIVE.EXE-D3F945C7.pf  =>Adware.BonanzaDeals
O45 - LFCP:[MD5.F3A72ABE76F79F6B1181B5F7542560F4] - 23/10/2013 - 13:29:41 ---A- - C:\Windows\Prefetch\CNMXSEAT.EXE-10898C2B.pf
O45 - LFCP:[MD5.FD5DEE2331A064E822DC3E05A25FF833] - 25/09/2013 - 13:55:32 ---A- - C:\Windows\Prefetch\GLCND.EXE-BD983615.pf
~ Prefetcher: 216 Legitimates Filtered in 00mn 01s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{0f5dd792-8efe-11e2-bea7-f80f41640bed}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{0f5dd7ff-8efe-11e2-bea7-f80f41640bed}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{0f5ddc4a-8efe-11e2-bea7-f80f41640bed}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.F572B7467B5CB4FA8FB6319575902E41] - 08/10/2010 - 16:59:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys   [32768]
~ Drivers: 17 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 20/10/2013 - 14:40:50 ---A- . (...) -- C:\Users\lenovo\Links\Desktop.lnk   [449]
O61 - LFC: 20/10/2013 - 14:40:50 ---A- . (...) -- C:\Users\lenovo\Links\Downloads.lnk   [888]
O61 - LFC: 20/10/2013 - 14:40:50 ---A- . (...) -- C:\Users\lenovo\Links\RecentPlaces.lnk   [383]
O61 - LFC: 21/10/2013 - 14:40:47 ---A- . (...) -- C:\Users\lenovo\AppData\Roaming\Microsoft\Templates\Normal.dotm   [19372]
O61 - LFC: 22/10/2013 - 14:40:39 ---A- . (...) -- C:\Users\lenovo\AppData\Local\Lollipop\Lollipop.exe   [1643008] =>Adware.Lollipop
O61 - LFC: 22/10/2013 - 14:40:39 ---A- . (...) -- C:\Users\lenovo\AppData\Local\Lollipop\logo.ico   [17542] =>Adware.Lollipop
O61 - LFC: 22/10/2013 - 14:40:39 ---A- . (...) -- C:\Users\lenovo\AppData\Local\Lollipop\lollipop_cfg.lpd   [332156] =>Adware.Lollipop
O61 - LFC: 22/10/2013 - 14:40:46 ---A- . (...) -- C:\Users\lenovo\AppData\Local\SwvUpdater\Updater.xml   [1625] =>PUP.Software.Updater
O61 - LFC: 22/10/2013 - 14:40:46 ---A- . (...) -- C:\Users\lenovo\AppData\Local\SwvUpdater\status.cfg   [1] =>PUP.Software.Updater
O61 - LFC: 22/10/2013 - 14:40:46 ---A- . (.Amonetizé Ltd.) -- C:\Users\lenovo\AppData\Local\SwvUpdater\Updater.exe   [290344] =>PUP.Software.Updater
O61 - LFC: 23/10/2013 - 14:40:39 ---A- . (...) -- C:\Users\lenovo\AppData\Local\Lollipop\lollipop.bat   [336] =>Adware.Lollipop
O61 - LFC: 23/10/2013 - 14:40:39 ---A- . (...) -- C:\Users\lenovo\AppData\Local\Lollipop\lollipop.lpd   [3999] =>Adware.Lollipop
O61 - LFC: 23/10/2013 - 14:40:39 ---A- . (...) -- C:\Users\lenovo\AppData\Local\Lollipop\lollipop_ps.lpd   [1479] =>Adware.Lollipop
O61 - LFC: 23/10/2013 - 14:40:47 ---A- . (...) -- C:\Users\lenovo\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat   [6144] =>Adware.IMBooster
O61 - LFC: 23/10/2013 - 14:40:49 ---A- . (...) -- C:\Users\lenovo\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.12150\ASPLog.txt   [9738] =>PUP.AdvancedSystemProtector
O61 - LFC: 23/10/2013 - 14:40:49 ---A- . (...) -- C:\Users\lenovo\AppData\Roaming\Systweak\Advanced System Protector\Logs\SMLog.xml   [15391] =>PUP.AdvancedSystemProtector
O61 - LFC: 23/10/2013 - 14:40:49 ---A- . (...) -- C:\Users\lenovo\AppData\Roaming\Systweak\Advanced System Protector\Logs\log_23-10-13_01-34-03.xml   [2660] =>PUP.AdvancedSystemProtector
O61 - LFC: 23/10/2013 - 14:40:49 ---A- . (...) -- C:\Users\lenovo\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db   [4096] =>PUP.AdvancedSystemProtector
O61 - LFC: 23/10/2013 - 14:40:49 ---A- . (...) -- C:\Users\lenovo\AppData\Roaming\Systweak\Advanced System Protector\Settings.db   [12288] =>PUP.AdvancedSystemProtector
O61 - LFC: 23/10/2013 - 14:40:49 ---A- . (...) -- C:\Users\lenovo\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\ExcludeList.rcp   [6] =>Rogue.RegistryPowerCleaner
O61 - LFC: 23/10/2013 - 14:40:49 ---A- . (...) -- C:\Users\lenovo\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\French_rcp.dat   [56152] =>Rogue.RegistryPowerCleaner
O61 - LFC: 23/10/2013 - 14:40:49 ---A- . (...) -- C:\Users\lenovo\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000001.rmx   [192] =>Rogue.RegistryPowerCleaner
O61 - LFC: 23/10/2013 - 14:40:49 ---A- . (...) -- C:\Users\lenovo\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000001.rxb   [1338] =>Rogue.RegistryPowerCleaner
O61 - LFC: 23/10/2013 - 14:40:49 ---A- . (...) -- C:\Users\lenovo\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\TempHLList.rcp   [6] =>Rogue.RegistryPowerCleaner
O61 - LFC: 23/10/2013 - 14:40:49 ---A- . (...) -- C:\Users\lenovo\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\results.rcp   [254078] =>Rogue.RegistryPowerCleaner
O61 - LFC: 23/10/2013 - 14:40:49 ---A- . (...) -- C:\Users\lenovo\AppData\Roaming\ZHP\Log.txt   [17260]  =>.Nicolas Coolman
O61 - LFC: 23/10/2013 - 14:40:49 ---A- . (...) -- C:\Users\lenovo\AppData\Roaming\ZHP\TestsZHPDiag.txt   [2870]  =>.Nicolas Coolman
~ 7 Fichiers temporaires (Temporary files)
~ Files: 290 Legitimates Filtered in 00mn 12s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) --  C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com =>Hijacker.Qone8
~ Keys:  Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www1.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (qone8) - http://start.qone8.com =>Hijacker.Qone8
O69 - SBI: SearchScopes [HKCU] {590DA595-A721-43E6-8D87-FB5587AEA7BA} - (uTorrentBar_FR Customized Web Search) - http://search.conduit.com =>P2P.µTorrent
O69 - SBI: SearchScopes [HKCU] {83B482C8-F486-4F9E-8E78-9418B402EFE4} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys:  Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.67DFC78220D4D712A8E8C49014059C6D] [SPRF][16/05/2008] (...) -- C:\Users\lenovo\Desktop\exclude.dat   [67]
[MD5.EA1BAD233B2617EABC2B87DD217AA5B4] [SPRF][16/05/2008] (...) -- C:\Users\lenovo\Desktop\index.dat   [3243399]
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{CD1BE541-2240-4195-8062-6CBA85769EB6}" | In - None - P17 - TRUE | .(.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.exe =>Adware.IMBooster
O87 - FAEL: "{307EAC76-38B7-44D9-A90F-4C8AAF9E8000}" | In - None - P17 - TRUE | .(.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe =>Adware.IMBooster
~ Firewall: 222 Legitimates Filtered in 00mn 02s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "03FB9908FF2987847ACB37271E62BE9E" . (.Comparing.) -- C:\WINDOWS\Installer\{8099BF30-92FF-4878-A7BC-7372E126EBE9}\ARPPRODUCTICON.exe
O90 - PUC: "421D4F645E0221D4EB25CE71A7A7B424" . (.OneKey Recovery.) -- C:\WINDOWS\Installer\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\ARPPRODUCTICON.exe
O90 - PUC: "ACFD5B980E184AE4A8A0F404781ADD00" . (.Iminent.) -- C:\WINDOWS\Installer\{89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00}\imbooster.ico =>Adware.IMBooster
O90 - PUC: "BEC85ACA47F25904DA6BC4B1BF71F046" . (.Mammals.) -- C:\WINDOWS\Installer\{ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}\ARPPRODUCTICON.exe
O90 - PUC: "EDFB93AA5E176A641AB0442C4FA543E1" . (.Fruits.) -- C:\WINDOWS\Installer\{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}\ARPPRODUCTICON.exe
O90 - PUC: "EE8B4CC9B69A00846B47C08F4B65F054" . (.timer.) -- C:\WINDOWS\Installer\{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}\ARPPRODUCTICON.exe
~ Update Products: 83 Legitimates Filtered in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\ee8bdcb539bf49\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\ee8bdcb539bf49\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80"
[HKCU\Software\ee8bdcb539bf49] =>Toolbar.Babylon^
[HKCU\Software\ee8bdcb539bf49]:version="2.6.1249.132"
[HKLM\Software\Wow6432Node\ee8bdcb539bf49]:version="2.6.1249.132"
~ Export Key Software:  Scanned in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.8DD3503A28BD7EB7BEC3FDF67844CD63] [WIS][22/04/2013] (.Iminent - Iminent.) -- C:\Windows\Installer\13ee2b9.msi   [10190848]  =>Adware.IMBooster
[MD5.349CE1CC0BA06F51D1822865F4795638] [WIS][09/08/2012] (.Tong child Research & Planning Co.,Ltd - Mammals.) -- C:\Windows\Installer\4e7f7.msi   [439808]
[MD5.FA5C8385F851A5921B7B47188F70EDD7] [WIS][09/08/2012] (.Tong child Research & Planning Co.,Ltd - Fruits.) -- C:\Windows\Installer\4e7fb.msi   [459776]
[MD5.5656C0E1B1B65A7FC7DD0D12775AF28C] [WIS][14/05/2012] (.Tong child Research & Planning Co.,Ltd - timer.) -- C:\Windows\Installer\4e7ff.msi   [427280]
[MD5.1B6CFA5330E5DB434DB6A8ED08B9DE1F] [WIS][07/08/2012] (.Tong child Research & Planning Co.,Ltd - sudoku.) -- C:\Windows\Installer\4e803.msi   [383488]
[MD5.04226B6DF0DCE511494FA1D96E6942E7] [WIS][08/08/2012] (.Tong child Research & Planning Co.,Ltd - Comparing.) -- C:\Windows\Installer\4e807.msi   [427308]
[MD5.D783CFD09F9F30D6B451B8F11B11C5EB] [WIS][07/08/2012] (.Tong child Research & Planning Co.,Ltd - Puzzle.) -- C:\Windows\Installer\4e80b.msi   [382976]
[MD5.F372BD7AEB92D9CB32459ADBB870B808] [WIS][14/05/2012] (.Tong child Research & Planning Co.,Ltd - Find the Difference.) -- C:\Windows\Installer\4e813.msi   [383488]
[MD5.CBF26C68B185BB37A1EEC5F7ADBF1A21] [WIS][14/05/2012] (.Tong child Research & Planning Co.,Ltd - Where are the letters.) -- C:\Windows\Installer\4e817.msi   [383488]
~ WIS: 84 Legitimates Filtered in 00mn 06s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 11/05/2013 65640 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 01/08/2012 239616 |  (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 06/08/2012 361984 |  (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SS - | Auto 19/09/2013 38440 |  (BackupStack) . (.Just Develop It.) - C:\Program Files (x86)\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup
SS - | Auto 23/10/2013 148976 |  (bonanzadealslive) . (.BonanzaDeals.) - C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe =>Adware.BonanzaDeals
SS - | Demand 23/10/2013 148976 |  (bonanzadealslivem) . (.BonanzaDeals.) - C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe =>Adware.BonanzaDeals
SR - | Auto 22/07/2013 219480 |  (Garmin Core Update Service) . (.Garmin Ltd or its subsidiaries.) - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
SS - | Auto 09/05/2013 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2013 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 14/03/2011 346976 |  (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SR - | Auto 13/07/2012 2451456 |  (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 17/05/2012 7680 |  (IdeaTouch.LocalDataServer.Education) . (.Microsoft.) - C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
SR - | Auto 15/03/2011 32768 |  (JME Keyboard) . (...) - C:\Windows\jmesoft\Service.exe
SR - | Auto 18/09/2013 3104256 |  (MajIndexEducationService) . (...) - C:\Program Files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe
SR - | Auto 21/05/2013 144368 |  (N360) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
SS - | Auto 07/02/2013 161384 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 24/08/2013 2864448 |  (SProtection) . (.Iminent.) - C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe =>Adware.IMBooster
SR - | Auto 05/10/2013 65304 |  (Update Whilokii) . (.Whilokii.) - C:\Program Files (x86)\Whilokii\updateWhilokii.exe =>PUP.Whilokii
SR - | Auto 11/05/2012 211968 |  (VolumeCtlSrv) . (.Wistron Corporation.) - C:\Program Files\VolumeOSD\VolumeCtlSrv.exe
SR - | Auto 10/10/2013 113152 |  (WajamUpdaterV2) . (.Wajam.) - C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV2.exe =>Toolbar.Wajam
SS - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 07s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by lenovo at 23/10/2013 14:41:56
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by lenovo at 23/10/2013 14:41:58

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR:  Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 12960 - (23/10/2013)
Clés trouvées (Keys found) : 313
Valeurs trouvées (Values found) : 3
Dossiers trouvés  (Folders found) : 36
Fichiers trouvés  (Files found) : 37

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}]   =>Toolbar.Conduit^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411411152}]   =>Adware.AddLyrics^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}]   =>PUP.Whilokii^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]   =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}]   =>Toolbar.Wajam^
[HKLM\SYSTEM\CurrentControlSet\Services\MyPC Backup) (BackupStack]   =>PUP.MyPCBackup^
[HKLM\SYSTEM\CurrentControlSet\Services\bonanzadealsli (bonanzadealslive]   =>Adware.BonanzaDeals^
[HKLM\SYSTEM\CurrentControlSet\Services\SProtection]   =>Adware.IMBooster^
[HKLM\SYSTEM\CurrentControlSet\Services\Update Whilokii]   =>PUP.Whilokii^
[HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdaterV2]   =>Toolbar.Wajam^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1]   =>PUP.AdvancedSystemProtector^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bonanza Deals]   =>Adware.BonanzaDeals^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}]   =>Hijacker.Eazel^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller]   =>Adware.DomaIQ^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ElectroLyrics-16]   =>Adware.AddLyrics^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP]   =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00}]   =>Adware.IMBooster^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop]   =>Adware.Lollipop^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup]   =>PUP.MyPCBackup^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1]   =>Rogue.RegistryPowerCleaner^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Wajam]   =>Toolbar.Wajam^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Whilokii]   =>PUP.Whilokii^
[HKLM\Software\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}]   =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}]   =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}]   =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}]   =>Adware.IMBooster
[HKLM\Software\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}]   =>Toolbar.Wajam
[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}]   =>Adware.IMBooster
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}]   =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}]   =>Toolbar.Wajam
[HKLM\Software\Wow6432Node\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}]   =>Toolbar.Wajam
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}]   =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]   =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]   =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]   =>PUP.V9Software
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}]   =>Toolbar.Wajam
[HKLM\Software\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}]   =>Toolbar.Wajam
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}]   =>PUP.Software.Updater
[HKLM\Software\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}]   =>PUP.Software.Updater
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]   =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]   =>Adware.IMBooster
[HKLM\Software\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}]   =>PUP.Software.Updater
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}]   =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}]   =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}]   =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}]   =>Toolbar.Wajam
[HKLM\Software\Wow6432Node\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}]   =>Toolbar.Wajam
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6533F74-218B-41BE-9D91-5BD471FECFFD}]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D6533F74-218B-41BE-9D91-5BD471FECFFD}]   =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}]   =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\Updater.AmiUpd]   =>PUP.Software.Updater
[HKLM\Software\Classes\Updater.AmiUpd.1]   =>PUP.Software.Updater
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib]   =>Toolbar.Conduit
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater]   =>Toolbar.Wajam
[HKCU\Software\Boxore]   =>Adware.Boxore
[HKLM\Software\Wow6432Node\Boxore]   =>Adware.Boxore
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes]   =>Toolbar.Conduit
[HKCU\Software\DataMngr]   =>Adware.Bandoo
[HKLM\Software\Wow6432Node\DataMngr]   =>Adware.Bandoo
[HKCU\Software\lollipop]   =>Adware.Lollipop
[HKCU\Software\Iminent]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Iminent]   =>Adware.IMBooster
[HKCU\Software\AppDataLow\Software\PriceGong]   =>Adware.PriceGong
[HKCU\Software\AppDataLow\Toolbar]   =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\uTorrentBar_FR]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\uTorrentBar_FR]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32]   =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS]   =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}]   =>PUP.Software.Updater
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_FR Toolbar]   =>Toolbar.Conduit
[HKLM\Software\Classes\Prod.cap]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\priam_bho.DLL]   =>Toolbar.Wajam
[HKCU\Software\InstallCore]   =>Adware.InstallCore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings]   =>PUP.BProtector
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]   =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]   =>PUP.Tarma
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller]   =>Adware.MegaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}]   =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}]   =>Toolbar.DeltaSearch
[HKCU\Software\AppDataLow\Software\Crossrider]   =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\]   =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo]   =>PUP.Elex
[HKCU\Software\BI]   =>Adware.MegaSearch
[HKCU\Software\InstalledBrowserExtensions]   =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0044152.BHO]   =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0044152.BHO.1]   =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0044152.Sandbox]   =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0044152.Sandbox.1]   =>PUP.CrossRider
[HKLM\Software\Classes\iminent]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Business.Tinyfying.DownloadArgs]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Business.Tinyfying.RawDataArgs]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Business.Tinyfying.TinyUrlArgs]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Business.Tinyfying.ViralLinkArgs]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.ClientCallback]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.ContractBase]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.ServerCommand]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.Communication.ServerResult]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.LightContent]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.LightUri]   =>Adware.IMBooster
[HKLM\Software\Classes\Iminent.Mediator.MediatorServiceProxy]   =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ActiveContentHandle.1]   =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ActiveContentHandler]   =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.BrowserHelperObject]   =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.BrowserHelperObject.1]   =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ScriptExtender]   =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ScriptExtender.1]   =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.TinyUrlHandler]   =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.TinyUrlHandler.1]   =>Adware.IMBooster
[HKLM\Software\Classes\Toolbar.CT2851639]   =>Toolbar.Conduit
[HKLM\Software\Classes\wajam.WajamBHO]   =>Toolbar.Wajam
[HKLM\Software\Classes\wajam.WajamBHO.1]   =>Toolbar.Wajam
[HKLM\Software\Classes\wajam.WajamDownloader]   =>Toolbar.Wajam
[HKLM\Software\Classes\wajam.WajamDownloader.1]   =>Toolbar.Wajam
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110411411152}]   =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422412252}]   =>PUP.CrossRider
[HKLM\Software\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0044152.BHO]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0044152.BHO.1]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0044152.Sandbox]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0044152.Sandbox.1]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\iminent]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.DownloadArgs]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.RawDataArgs]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.TinyUrlArgs]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.ViralLinkArgs]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.ClientCallback]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.ContractBase]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.ServerCommand]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.ServerResult]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.LightContent]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.LightUri]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.MediatorServiceProxy]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ActiveContentHandle.1]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ActiveContentHandler]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.BrowserHelperObject]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.BrowserHelperObject.1]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ScriptExtender]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ScriptExtender.1]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.TinyUrlHandler]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.TinyUrlHandler.1]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT2851639]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\wajam.WajamBHO]   =>Toolbar.Wajam
[HKLM\Software\Wow6432Node\Classes\wajam.WajamBHO.1]   =>Toolbar.Wajam
[HKLM\Software\Wow6432Node\Classes\wajam.WajamDownloader]   =>Toolbar.Wajam
[HKLM\Software\Wow6432Node\Classes\wajam.WajamDownloader.1]   =>Toolbar.Wajam
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110411411152}]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220422412252}]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411411152}]   =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC]   =>Adware.Boxore^
[HKLM\Software\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]   =>Toolbar.Conduit^
[HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}   =>Toolbar.Conduit^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Software updater   =>PUP.Eorezo^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Iminent   =>Adware.IMBooster^
C:\Program Files (x86)\Advanced System Protector   =>PUP.AdvancedSystemProtector^
C:\Program Files (x86)\BonanzaDeals   =>Adware.BonanzaDeals^
C:\Program Files (x86)\BonanzaDealsLive   =>Adware.BonanzaDeals^
C:\Program Files (x86)\ElectroLyrics-16   =>Adware.AddLyrics^
C:\Program Files (x86)\Iminent   =>Adware.IMBooster^
C:\Program Files (x86)\MyPC Backup   =>PUP.MyPCBackup^
C:\Program Files (x86)\RegClean Pro   =>Rogue.RegistryPowerCleaner^
C:\Program Files (x86)\Wajam   =>Toolbar.Wajam^
C:\Program Files (x86)\Whilokii   =>PUP.Whilokii^
C:\ProgramData\Babylon   =>Toolbar.Babylon^
C:\ProgramData\BonanzaDealsLive   =>Adware.BonanzaDeals^
C:\ProgramData\BrowserProtect   =>Hijacker.Eazel^
C:\ProgramData\eSafe   =>PUP.eSafeSecurity^
C:\ProgramData\Iminent   =>Adware.IMBooster^
C:\Users\lenovo\AppData\Roaming\Babylon   =>Toolbar.Babylon^
C:\Users\lenovo\AppData\Roaming\Iminent   =>Adware.IMBooster^
C:\Users\lenovo\AppData\Local\BonanzaDealsLive   =>Adware.BonanzaDeals^
C:\Users\lenovo\AppData\Local\Lollipop   =>Adware.Lollipop^
C:\Users\lenovo\AppData\Local\SwvUpdater   =>PUP.Software.Updater^
C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals   =>Adware.BonanzaDeals^
C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect   =>Hijacker.Eazel^
C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup   =>PUP.MyPCBackup^
C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam   =>Toolbar.Wajam^
C:\Program Files (x86)\FreeRide Games   =>Toolbar.FreeRide
C:\Program Files (x86)\Conduit   =>Toolbar.Conduit
C:\Program Files (x86)\Software   =>Adware.Boxore
C:\Program Files (x86)\uTorrentBar_FR   =>Toolbar.Conduit
C:\Program Files (x86)\Common Files\Umbrella   =>Adware.IMBooster
C:\ProgramData\FreeRide Games   =>Toolbar.FreeRide
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent   =>Adware.IMBooster
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro   =>Rogue.RegistryPowerCleaner
C:\Users\lenovo\AppData\Local\Conduit   =>Toolbar.Conduit
C:\Users\lenovo\AppData\Local\Software   =>Adware.Boxore
C:\Users\lenovo\AppData\LocalLow\Conduit   =>Toolbar.Conduit
C:\Users\lenovo\AppData\LocalLow\PriceGong   =>Adware.PriceGong
C:\Users\lenovo\AppData\LocalLow\uTorrentBar_FR   =>Toolbar.Conduit
C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe   =>PUP.AdvancedSystemProtector^
C:\Program Files (x86)\Iminent\Iminent.exe   =>Adware.IMBooster^
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe   =>Adware.IMBooster^
C:\program files (x86)\electrolyrics-16\electrolyrics-16-bg.exe   =>Adware.AddLyrics^
C:\Windows\Tasks\AmiUpdXp.job   =>PUP.Software.Updater^
C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job   =>Adware.BonanzaDeals^
C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job   =>Adware.BonanzaDeals^
C:\Windows\Tasks\ElectroLyrics-16-chromeinstaller.job   =>Adware.AddLyrics^
C:\Windows\Tasks\ElectroLyrics-16-codedownloader.job   =>Adware.AddLyrics^
C:\Windows\Tasks\ElectroLyrics-16-enabler.job   =>Adware.AddLyrics^
C:\Windows\Tasks\ElectroLyrics-16-firefoxinstaller.job   =>Adware.AddLyrics^
C:\Windows\Tasks\ElectroLyrics-16-updater.job   =>Adware.AddLyrics^
C:\Windows\Tasks\RegClean Pro_DEFAULT.job   =>Rogue.RegistryPowerCleaner^
C:\Windows\Tasks\RegClean Pro_UPDATES.job   =>Rogue.RegistryPowerCleaner^
C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe   =>Adware.BonanzaDeals^
C:\Program Files (x86)\BonanzaDeals\BonanzaDealsUpdate.exe   =>Adware.BonanzaDeals^
C:\Program Files (x86)\ElectroLyrics-16\ElectroLyrics-16-chromeinstaller.exe   =>Adware.AddLyrics^
C:\Program Files (x86)\ElectroLyrics-16\ElectroLyrics-16-codedownloader.exe   =>Adware.AddLyrics^
C:\Program Files (x86)\ElectroLyrics-16\ElectroLyrics-16-enabler.exe   =>Adware.AddLyrics^
C:\Program Files (x86)\ElectroLyrics-16\ElectroLyrics-16-firefoxinstaller.exe   =>Adware.AddLyrics^
C:\Program Files (x86)\ElectroLyrics-16\ElectroLyrics-16-updater.exe   =>Adware.AddLyrics^
C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe   =>Rogue.RegistryPowerCleaner^
[HKCU\Software\BabSolution]   =>Hijacker.BabSolution^
[HKCU\Software\BonanzaDealsLive]   =>Adware.BonanzaDeals^
[HKCU\Software\BonanzaDeals]   =>Adware.BonanzaDeals^
[HKCU\Software\Conduit]   =>Toolbar.Conduit^
[HKCU\Software\DataMngr_Toolbar]   =>PUP.Datamngr^
[HKCU\Software\Wajam]   =>Toolbar.Wajam^
[HKCU\Software\Whilokii]   =>PUP.Whilokii^
[HKLM\Software\DomaIQ]   =>Adware.DomaIQ^
[HKLM\Software\Wow6432Node\Babylon]   =>Toolbar.Babylon^
[HKLM\Software\Wow6432Node\BonanzaDealsLive]   =>Adware.BonanzaDeals^
[HKLM\Software\Wow6432Node\BonanzaDeals]   =>Adware.BonanzaDeals^
[HKLM\Software\Wow6432Node\Conduit]   =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\Whilokii]   =>PUP.Whilokii^
[HKCU\Software\ee8bdcb539bf49]   =>Toolbar.Babylon^^
C:\Windows\Installer\13ee2b9.msi   =>Adware.IMBooster^
~ Additionnel Scan: 227484 Items scanned in 01mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26630283-pup-advancedsystemprotector   =>PUP.AdvancedSystemProtector
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster  =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/26601058-adware-addlyrics  =>Adware.AddLyrics
~ http://nicolascoolman.webs.com/apps/blog/show/33262880-hijacker-qone8    =>Hijacker.Qone8
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit   =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/33413667-pup-whilokii   =>PUP.Whilokii
~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam   =>Toolbar.Wajam
~ http://nicolascoolman.webs.com/apps/blog/show/29295819-rogue-registrypowercleaner   =>Rogue.RegistryPowerCleaner
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop   =>Adware.Lollipop
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup   =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo   =>PUP.EoRezo
~ http://nicolascoolman.webs.com/apps/blog/show/32816468-adware-bonanzadeals   =>Adware.BonanzaDeals
~ http://nicolascoolman.webs.com/apps/blog/show/32713686-pup-software-updater   =>PUP.Software.Updater
~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel   =>Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blog/show/30393137-adware-domaiq   =>Adware.DomaIQ
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution   =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore  =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr   =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore   =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver   =>Adware.VidSaver
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon  =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity   =>PUP.eSafeSecurity
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch   =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/28000037-pup-rewardsarcade    =>PUP.RewardsArcade
~ http://nicolascoolman.webs.com/apps/blog/show/27672211-pup-v9software   =>PUP.V9Software
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo  =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong   =>Adware.PriceGong
~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector   =>PUP.BProtector
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma   =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch   =>Adware.MegaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider   =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/33479906-pup-elex   =>PUP.Elex
~ MSI: 32 link(s) detected in 01mn 00s



~ 1634 Legitimates filtered by white list
End of the scan (1073 lines in 03mn 52s)(0)