~ Rapport de ZHPDiag v2014.1.17.19 - Nicolas Coolman (17/01/2014) ~ Lancé par Fille Marylène (19/01/2014 10:36:05) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Activate by user ---\\ Navigateurs Internet MSIE: Internet Explorer v9.0.8112.16421 GCIE: Google Chrome v31.0.1650.63 (Defaut) ---\\ Informations sur les produits Windows ~ Langage: Français Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ---\\ Logiciels de protection du système avast! Free Antivirus v9.0.2006 Windows Defender W7 ---\\ Logiciels d'optimisation du système CCleaner v3.13 =>Piriform Ltd ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels Adobe Flash Player 11 ActiveX Adobe Reader 9.1 MUI ---\\ Informations sur le système ~ Processor: AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD ~ Operating System: 64 Bits Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot) Total RAM: 1788 MB (64% free) System Restore: Activé (Enable) System drive C: has 155 GB (70%) free of 221 GB ---\\ Mode de connexion au système ~ Computer Name: FILLEMARYLÈNE ~ User Name: Fille Marylène ~ All Users Names: HomeGroupUser$, Fille Marylène, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\Fille Marylène\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\Fille Marylène\AppData\Roaming\ ~ %Desktop% : C:\Users\Fille Marylène\Desktop\ ~ %Favorites% : C:\Users\Fille Marylène\Favorites\ ~ %LocalAppData% : C:\Users\Fille Marylène\AppData\Local\ ~ %StartMenu% : C:\Users\Fille Marylène\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 155 Go of 221 Go) D: CD-ROM drive (Not Inserted) E: Floppy drive, Flash card reader, USB Key (Free 4 Go of 4 Go) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 41 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.60CA010B705660542FB33B43C3653BA0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.15/11/2013 - 02:29:03.) -- C:\Windows\System32\wininet.dll [1392128] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 01s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/22 ~ Mes musiques (My Musics) : 1/816 ~ Mes Videos (My Videos) : 2/1124 ~ Mes Favoris (My Favorites) : 1/41 ~ Mon Bureau (My Desktop) : 1/353 ~ Menu demarrer (Programs) : 1/28 ~ Hidden Files: Scanned in 00mn 11s ---\\ Processus lancés [MD5.8E5651B04BE775696B32F7F1F5DA8871] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8336896] [PID.536] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\Fille Marylène\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [User Data\Default] http://www.bing.com G2 - GCE: Preference [User Data\Default] [bbjciahceamgodcoidkjpchnokgfpphh] Funmoods v.2.1.3 (Désactivé) =>PUP.Funmoods G2 - GCE: Preference [User Data\Default] [dmiifdbnlinfkcbohhdcfijbcipfndff] IClaro v.1.0 (Désactivé) G2 - GCE: Preference [User Data\Default] [fikmanfpkongnopggnndbikhhicdpfka] Interest Recognizer for Crazyloader v.3.4.1545.153 (Désactivé) =>Adware.SPointer G2 - GCE: Preference [User Data\Default] [igdhbblpcellaljokkpfhcjlagemhgjl] Iminent v.7.48.1.1, (Désactivé) =>Adware.IMBooster G2 - GCE: Preference [User Data\Default] [kfkcangbigakljkjeglcofaomihpejif] WhiteSmoke US New v.10.22.5.510, (Activé) =>PUP.WhiteSmoke G2 - GCE: Preference [User Data\Default] [lmblfngognklgemafekefcdjcnkdhmdm] 2YourFace v.1.0 (Désactivé) =>Adware.2YourFace ~ Google Browser: 16 Legitimates Filtered in 00mn 01s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com =>PUP.Funmoods R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com =>PUP.Funmoods R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://start.funmoods.com =>PUP.Funmoods R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com R3 - URLSearchHook: WhiteSmoke US New Toolbar [64Bits] - {462be121-2b54-4218-bf00-b9bf8135b23f} . (.Conduit Ltd. - Conduit Toolbar.) (6.4.0.0) -- C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll =>PUP.WhiteSmoke ~ IE Browser: 21 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: Claro LTD Helper Object [64Bits] - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} . (.Montera Technologeis LTD - Pas de description.) -- C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll =>PUP.ClaroSearch O2 - BHO: C:\Users\Fille Marylène\AppData\Roaming\2YourFace\bho.dll [64Bits] - {1185823F-F22F-4027-80E5-4F68ACD5DE5E} . (...) -- C:\Users\Fille Marylène\AppData\Roaming\2YourFace\bho.dll =>Adware.2YourFace O2 - BHO: PCTBHO [64Bits] - {293A63F7-C3B6-423a-9845-901AC0A7EE6E} . (.PCTUTO - ....) -- C:\Program Files (x86)\PCTuto\pctutoBHO.dll =>PUP.AgenceExclusive O2 - BHO: WhiteSmoke US New [64Bits] - {462be121-2b54-4218-bf00-b9bf8135b23f} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll =>PUP.WhiteSmoke O2 - BHO: UrlHelper Class [64Bits] - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} . (...) -- C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll (.not file.) =>PUP.Datamngr O2 - BHO: Funmoods Helper Object [64Bits] - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} . (.Funmoods BHO - Pas de description.) -- C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll =>PUP.Funmoods O2 - BHO: IMinent WebBooster [64Bits] - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} . (.Iminent - Iminent BHO.) -- C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll =>Adware.IMBooster O2 - BHO: EOBHO [64Bits] - {C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} . (.EoRezo - ....) -- C:\Program Files (x86)\EoRezo\EoRezoBHO.dll =>PUP.Eorezo O2 - BHO: MediaBar [64Bits] - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} . (...) -- C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll (.not file.) =>PUP.Datamngr O2 - BHO: Interest recogniser for Crazyloader (powered by Spointer) [64Bits] - {C5F65718-341D-4e7d-9842-FCB9CC89527E} . (.Crazyloader - Interest Recognizer for Crazyloader.) -- C:\Program Files (x86)\CrazyLoader\spointer\extensions\crazyloader_air_ie.dll =>Adware.SPointer O2 - BHO: OfferBox [64Bits] - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} . (.Secure Digital Services Limited - OfferBox.) -- C:\Program Files (x86)\OfferBox\OfferBoxBHO.dll =>Adware.SPointer O2 - BHO: (no name) [64Bits] - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline ~ BHO: 19 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: Diaporama.lnk . (.SoftChris (Christian Martinez) - Création de diaporama.) -- C:\Program Files (x86)\Microsoft\Diaporama\Diaporama.exe O4 - GS\Desktop [Public]: eMachines Boutique Accessoire.lnk . (...) -- C:\Program Files (x86)\eMachines Accessory Store\StartUrl.exe (.not file.) O4 - GS\Desktop [Public]: eMachines GameZone Console.lnk . (.Oberon Media - eMachines GameZone Console.) -- C:\Program Files (x86)\eMachines GameZone\GameConsole\eMachines Game Console.exe O4 - GS\Desktop [Public]: eMachines Registration.lnk . (.Acer Incorporated - Global Registration.) -- C:\Program Files (x86)\eMachines\Registration\GREG.exe O4 - GS\Desktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) -- C:\Windows\twain_32\escndv\escndv.exe O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\Desktop [Public]: RegClean Pro.lnk . (.Systweak Inc - RegClean Pro.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe =>Rogue.RegistryPowerCleaner O4 - GS\Program [Public]: Navigateur OfferBox.lnk . (...) -- C:\Program Files (x86)\OfferBox\OfferBoxLauncher.exe (.not file.) =>PUP.OfferBox O4 - GS\QuickLaunch [Fille Marylène]: BearShare.lnk . (.MusicLab, LLC - BearShare.) -- C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe =>PUP.BearShare O4 - GS\QuickLaunch [Fille Marylène]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [Fille Marylène]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Fille Marylène]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Program [Fille Marylène]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Program [Fille Marylène]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\SystemTools [Fille Marylène]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Desktop [Fille Marylène]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Desktop [Fille Marylène]: Nettoyez votre registre gratuitement!.lnk - Clé orpheline ~ Global Startup: 70 Legitimates Filtered in 00mn 03s ---\\ Applications lancées au démarrage du sytème (O4) O4 - GS\Startup [Fille Marylène]: 2YourFace_Updater.lnk . (...) -- C:\Users\Fille Marylène\AppData\Roaming\2YourFace\Updater.exe =>Adware.2YourFace O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.) O4 - HKLM\..\Run: [PLFSetI] . (.Pas de propriétaire - DefaultSettingEXE MFC Application.) -- C:\Windows\PLFSetI.exe O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Fille Marylène\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Users\Fille Marylène\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb O4 - HKCU\..\Run: [TBHostSupport] . (.Conduit Ltd. - TBHostSupport.) -- C:\Users\Fille Marylène\AppData\Local\TBHostSupport\TBHostSupport.dll =>Toolbar.Conduit O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Wow6432Node\Run: [EoRezo] . (.EoRezo - EoRezo.) -- C:\Program Files (x86)\EoRezo\eorezo.exe =>PUP.Eorezo O4 - HKLM\..\Wow6432Node\Run: [Iminent] . (.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.exe =>Adware.IMBooster O4 - HKLM\..\Wow6432Node\Run: [IminentMessenger] . (.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe =>Adware.IMBooster O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe O4 - HKLM\..\Wow6432Node\RunOnce: [autoupdater] . (.PCTuto - autoupdater.) -- C:\Users\Fille Marylène\AppData\Roaming\PCtuto\UpdatePCTuto\autoupdater.exe =>PUP.AgenceExclusive O4 - HKLM\..\Wow6432Node\RunOnce: [updatepctutoHP.exe] . (.pctuto - updatepctutoHP.) -- C:\Users\Fille Marylène\AppData\Local\updatepctutoHP\updatepctutoHP.exe =>PUP.AgenceExclusive O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-2515034675-1861148821-3908913507-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Fille Marylène\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKUS\S-1-5-21-2515034675-1861148821-3908913507-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-2515034675-1861148821-3908913507-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKUS\S-1-5-21-2515034675-1861148821-3908913507-1000\..\Run: [cacaoweb] . (...) -- C:\Users\Fille Marylène\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb O4 - HKUS\S-1-5-21-2515034675-1861148821-3908913507-1000\..\Run: [TBHostSupport] . (.Conduit Ltd. - TBHostSupport.) -- C:\Users\Fille Marylène\AppData\Local\TBHostSupport\TBHostSupport.dll =>Toolbar.Conduit ~ Application: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{497DE8A7-2F58-42C8-9887-AB14E70FE09F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{497DE8A7-2F58-42C8-9887-AB14E70FE09F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{497DE8A7-2F58-42C8-9887-AB14E70FE09F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll (.not file.) =>PUP.Datamngr ~ AppInit DLL: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: MAJTuto (MAJTuto) . (...) - C:\Users\Fille Marylène\AppData\Local\MAJTuto\MAJTuto.exe O23 - Service: suppct_fr_3 (suppct_fr_3) . (...) - C:\Users\Fille Marylène\AppData\Local\pctuto_fr_3\suppct_fr_3.exe =>PUP.AgenceExclusive O23 - Service: Updater Service (Updater Service) . (.Acer - Acer Update Service.) - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe ~ Services: 13 Legitimates Filtered in 00mn 04s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RegClean Pro_DEFAULT.job [294] =>Rogue.RegistryPowerCleaner O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RegClean Pro_UPDATES.job [302] =>Rogue.RegistryPowerCleaner ~ Scheduled Task: 7 Legitimates Filtered in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: 2YourFace 1.0 - (.2YourFace.com.) [HKLM][64Bits] -- 2YourFace =>Adware.2YourFace O42 - Logiciel: BearShare - (.Musiclab, LLC.) [HKLM][64Bits] -- BearShare =>PUP.BearShare O42 - Logiciel: BearShare - (.Musiclab, LLC.) [HKLM][64Bits] -- {5F624839-947D-46EA-BD63-FD847C1AC6F1} =>PUP.BearShare O42 - Logiciel: Claro LTD toolbar on IE - (.Claro LTD.) [HKLM][64Bits] -- claro =>PUP.ClaroSearch O42 - Logiciel: CrazyLoader - (...) [HKLM][64Bits] -- CrazyLoader =>Adware.SPointer O42 - Logiciel: Funmoods Web Search - (...) [HKLM][64Bits] -- funmoods =>PUP.Funmoods O42 - Logiciel: IClaroInstaller - (.IClaro.) [HKLM][64Bits] -- {74AF34F6-ACF4-438C-9C7E-FA0307B60E45} O42 - Logiciel: Iminent - (.Iminent.) [HKLM][64Bits] -- IMBoosterARP =>Adware.IMBooster O42 - Logiciel: Iminent - (.Iminent.) [HKLM][64Bits] -- {DB8A0A15-1796-489A-9246-29A4798D249B} =>Adware.IMBooster O42 - Logiciel: MediaBar - (.Musiclab, LLC.) [HKLM][64Bits] -- BearShare 2 MediaBar =>PUP.BearShare O42 - Logiciel: PCTuto 2.0 - (.PCTuto.) [HKLM][64Bits] -- PCTuto_is1 =>PUP.AgenceExclusive O42 - Logiciel: PCTuto Maj 1.1 - (.PC-Tuto.) [HKLM][64Bits] -- PCTuto Maj_is1 =>PUP.AgenceExclusive O42 - Logiciel: RegClean Pro - (.Systweak Inc.) [HKLM][64Bits] -- RegClean Pro_is1 =>Rogue.RegistryPowerCleaner O42 - Logiciel: SweetIM for Messenger 3.4 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {F70AE624-2B41-476F-BC9C-0A7F158C3F15} =>PUP.SweetIM O42 - Logiciel: UpdatePCTuto 2.0 - (.PCtuto.) [HKLM][64Bits] -- UpdatePCTuto_is1 =>PUP.AgenceExclusive O42 - Logiciel: WhiteSmoke US New Toolbar - (.WhiteSmoke US New.) [HKLM][64Bits] -- WhiteSmoke_US_New Toolbar =>PUP.WhiteSmoke O42 - Logiciel: eoRezo 15.0 - (.EoRezo.) [HKLM][64Bits] -- eoRezo_is1 =>PUP.Eorezo O42 - Logiciel: majpctuto_fr_3-1.0 - (.MajPCTuto.) [HKLM][64Bits] -- majpctuto_fr_3_is1 =>PUP.AgenceExclusive ~ Logic: 39 Legitimates Filtered in 00mn 01s ---\\ HKCU & HKLM Software Keys [HKCU\Software\2YourFace] =>Adware.2YourFace [HKCU\Software\BearShare] =>PUP.BearShare [HKCU\Software\Claro LTD] =>PUP.ClaroSearch [HKCU\Software\Conduit] =>Toolbar.Conduit [HKCU\Software\DataMngr] =>PUP.Datamngr [HKCU\Software\EoRezo] =>PUP.Eorezo [HKCU\Software\Iminent] =>Adware.IMBooster [HKCU\Software\OfferBox] =>PUP.OfferBox [HKCU\Software\PCTuto] =>PUP.AgenceExclusive [HKCU\Software\Softonic] =>Toolbar.Conduit [HKCU\Software\SweetIM] =>PUP.SweetIM [HKCU\Software\TutoTag] =>Spyware.AgenceExclusive [HKCU\Software\Tutorials] =>Spyware.AgenceExclusive [HKCU\Software\YahooPartnerToolbar] [HKCU\Software\cacaoweb] =>PUP.CacaoWeb [HKCU\Software\tuto4pc] =>PUP.Eorezo [HKLM\Software\Wow6432Node\BabylonToolbar] =>PUP.Babylon [HKLM\Software\Wow6432Node\BearShareMediabarTb] =>PUP.BearShare [HKLM\Software\Wow6432Node\Claro LTD] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr [HKLM\Software\Wow6432Node\EoRezo] =>PUP.Eorezo [HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster [HKLM\Software\Wow6432Node\MajPCTuto] =>PUP.AgenceExclusive [HKLM\Software\Wow6432Node\OfferBox] =>PUP.OfferBox [HKLM\Software\Wow6432Node\PCTuto] =>PUP.AgenceExclusive [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM [HKLM\Software\Wow6432Node\WhiteSmoke_US_New] =>PUP.WhiteSmoke ~ Key Software: 289 Legitimates Filtered in 00mn 01s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 17/09/2012 - 17:57:39 - [2,048] ----D C:\Program Files (x86)\Claro LTD =>PUP.ClaroSearch O43 - CFD: 04/09/2012 - 17:35:22 - [0,609] ----D C:\Program Files (x86)\Conduit O43 - CFD: 22/11/2010 - 12:16:28 - [19,365] ----D C:\Program Files (x86)\CrazyLoader =>Adware.SPointer O43 - CFD: 28/01/2012 - 15:24:54 - [2,016] ----D C:\Program Files (x86)\eoRezo =>PUP.Eorezo O43 - CFD: 10/08/2012 - 11:43:42 - [2,012] ----D C:\Program Files (x86)\Funmoods =>PUP.Funmoods O43 - CFD: 09/08/2012 - 16:31:08 - [16,135] ----D C:\Program Files (x86)\Iminent =>Adware.IMBooster O43 - CFD: 23/11/2012 - 20:54:41 - [0] ----D C:\Program Files (x86)\majpctuto =>PUP.AgenceExclusive O43 - CFD: 23/12/2013 - 22:34:43 - [0,728] ----D C:\Program Files (x86)\majpctuto_fr_3 =>PUP.AgenceExclusive O43 - CFD: 21/09/2011 - 13:21:30 - [0,164] ----D C:\Program Files (x86)\OfferBox =>PUP.OfferBox O43 - CFD: 25/01/2012 - 15:49:46 - [6,618] ----D C:\Program Files (x86)\PCTuto =>PUP.AgenceExclusive O43 - CFD: 25/11/2012 - 09:06:42 - [12,622] ----D C:\Program Files (x86)\RegClean Pro =>Rogue.RegistryPowerCleaner O43 - CFD: 05/09/2011 - 16:00:36 - [4,302] ----D C:\Program Files (x86)\SweetIM =>PUP.SweetIM O43 - CFD: 04/09/2012 - 17:33:54 - [4,849] ----D C:\Program Files (x86)\WhiteSmoke_US_New =>PUP.WhiteSmoke O43 - CFD: 08/03/2012 - 21:00:39 - [0,004] ----D C:\ProgramData\27217 O43 - CFD: 05/09/2011 - 16:01:46 - [0,078] ----D C:\ProgramData\BearShare =>PUP.BearShare O43 - CFD: 09/08/2012 - 16:31:24 - [0,127] ----D C:\ProgramData\Iminent =>Adware.IMBooster O43 - CFD: 10/04/2010 - 08:55:38 - [0] ----D C:\ProgramData\Partner O43 - CFD: 05/09/2011 - 16:00:36 - [1,060] ----D C:\ProgramData\SweetIM =>PUP.SweetIM O43 - CFD: 05/09/2011 - 16:03:26 - [8,885] --H-D C:\ProgramData\{8F6A59AE-835F-46B0-90B3-07ADBC8494F0} O43 - CFD: 17/09/2012 - 17:57:56 - [0,894] ----D C:\Users\Fille Marylène\AppData\Roaming\2YourFace =>Adware.2YourFace O43 - CFD: 27/12/2013 - 22:00:20 - [2,566] ----D C:\Users\Fille Marylène\AppData\Roaming\cacaoweb =>PUP.CacaoWeb O43 - CFD: 22/11/2010 - 12:15:51 - [0,005] ----D C:\Users\Fille Marylène\AppData\Roaming\CrazyLoader =>Adware.SPointer O43 - CFD: 28/01/2012 - 15:24:53 - [1,891] ----D C:\Users\Fille Marylène\AppData\Roaming\EoRezo =>PUP.Eorezo O43 - CFD: 17/09/2012 - 17:57:48 - [0,027] ----D C:\Users\Fille Marylène\AppData\Roaming\IClaro O43 - CFD: 09/08/2012 - 16:31:29 - [1,365] ----D C:\Users\Fille Marylène\AppData\Roaming\Iminent =>Adware.IMBooster O43 - CFD: 20/09/2011 - 18:24:19 - [0,276] ----D C:\Users\Fille Marylène\AppData\Roaming\OfferBox =>PUP.OfferBox O43 - CFD: 05/09/2011 - 15:57:59 - [2,082] ----D C:\Users\Fille Marylène\AppData\Roaming\PCtuto =>PUP.AgenceExclusive O43 - CFD: 08/03/2012 - 21:10:41 - [123,369] ----D C:\Users\Fille Marylène\AppData\Local\BearShare =>PUP.BearShare O43 - CFD: 10/08/2012 - 11:40:49 - [0] ----D C:\Users\Fille Marylène\AppData\Local\comnetwork O43 - CFD: 04/09/2012 - 17:33:53 - [0,063] ----D C:\Users\Fille Marylène\AppData\Local\Conduit O43 - CFD: 04/03/2012 - 18:39:55 - [0,518] ----D C:\Users\Fille Marylène\AppData\Local\crazyloader Air =>Adware.SPointer O43 - CFD: 28/01/2012 - 15:33:28 - [1,135] ----D C:\Users\Fille Marylène\AppData\Local\eojet =>PUP.Eorezo O43 - CFD: 23/12/2013 - 22:45:41 - [1,042] ----D C:\Users\Fille Marylène\AppData\Local\EoRezo =>PUP.Eorezo O43 - CFD: 28/01/2012 - 15:33:30 - [2,876] ----D C:\Users\Fille Marylène\AppData\Local\MAJTuto O43 - CFD: 24/11/2012 - 13:54:57 - [2,916] ----D C:\Users\Fille Marylène\AppData\Local\pctuto_fr_3 =>PUP.AgenceExclusive O43 - CFD: 23/11/2012 - 20:55:01 - [0] ----D C:\Users\Fille Marylène\AppData\Local\suppct_fr_3 O43 - CFD: 08/12/2013 - 16:59:09 - [0,437] ----D C:\Users\Fille Marylène\AppData\Local\TBHostSupport O43 - CFD: 08/12/2013 - 16:59:10 - [0,186] ----D C:\Users\Fille Marylène\AppData\Local\WhiteListing O43 - CFD: 22/11/2010 - 12:13:37 - [0,004] ----D C:\Users\Fille Marylène\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrazyLoader =>Adware.SPointer ~ 111 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 288 Legitimates Filtered in 01mn 37s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.5D71070B34ED6F922A35BCE6B79FEDBF] - 18/01/2014 - 17:48:04 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [9920] O44 - LFC:[MD5.5D71070B34ED6F922A35BCE6B79FEDBF] - 18/01/2014 - 17:48:04 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [9920] O44 - LFC:[MD5.737AB54ED2FB54E5FC0866040FA16322] - 19/01/2014 - 10:30:31 ---A- . (...) -- C:\Windows\ntbtlog.txt [214724] ~ Files: 15 Legitimates Filtered in 00mn 06s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{395b1009-1b78-11e1-8b9e-705ab62a1c5a}\AutoRun\command. (...) -- E:\Android_Edition_USB_DriverV5.2066.1.8.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Enumération des clés de registre StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\DATAMNGR [Key] . (...) -- C:\Program Files (x86)\BEARSH~1\MediaBar\Datamngr\DATAMN~1.exe (.not file.) =>PUP.Datamngr O53 - SMSR:HKLM\...\startupreg\SweetIM [Key] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe =>PUP.SweetIM ~ SMSR Keys: 6 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 17/10/2013 - 19:00:17 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] O58 - SDL:[MD5.59787B95DD9CA44CB139D96863438587] - 17/10/2013 - 19:00:17 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [205320] O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496] O58 - SDL:[MD5.35C8434A4C8A689CDE4723FD61D286E1] - 28/11/2011 - 06:07:08 ---A- . (.HS Incorporated - USB Modem/Serial Device Driver.) -- C:\Windows\System32\Drivers\ghsdiagMDM.sys [122496] O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232] O58 - SDL:[MD5.BB59656A461826F99F6131BCBEC3102F] - 10/01/2012 - 05:00:20 ---A- . (.HandSet Incorporated - HandSet CDROM Filter.) -- C:\Windows\System32\Drivers\massfilter_hs.sys [18456] O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656] ~ Drivers: 16 Legitimates Filtered in 00mn 05s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Liste les services legacy du registre (LALS) (O64) ~ Legacy: 115 Legitimates Filtered in 00mn 00s ---\\ Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] 01DC220E6FB143E8BBCC8AC990C5F3CD - (Claro Search) - http://isearch.claro-search.com =>PUP.ClaroSearch O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {7C08B129-89B2-28A1-CE80-2943BD1050A6} - (Search the web (Babylon)) - http://search.babylon.com =>Adware.IMBooster O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} - (Web Search) - http://search.bearshare.com =>PUP.BearShare O69 - SBI: SearchScopes [HKCU] {EEE6C360-6118-11DC-9C72-001320C79847} - (SweetIM Search) - http://search.sweetim.com =>PUP.SweetIM ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.26ED4DD2634A4968E76E67362E541851] [SPRF][10/09/2012] (.2YourFace.com - 2YourFace Installer - This file installs all the relevant addons.) -- C:\Users\Fille Marylène\AppData\Local\Temp\2YourFace.exe [798896] =>Adware.2YourFace [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][25/10/2012] (...) -- C:\Users\Fille Marylène\AppData\Local\Temp\5yiof0zn.dll [0] [MD5.26F108905009FD1D975DE623185F043E] [SPRF][05/09/2011] (.Musiclab, LLC - BearShare.) -- C:\Users\Fille Marylène\AppData\Local\Temp\BearShare_setup.exe [2344176] =>PUP.BearShare [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][07/08/2011] (...) -- C:\Users\Fille Marylène\AppData\Local\Temp\evt-2fbs.dll [0] [MD5.E93993B6C91822863A92A1780E19E6D2] [SPRF][28/01/2012] (...) -- C:\Users\Fille Marylène\AppData\Local\Temp\insCDDB.tmp.exe [6754304] [MD5.2ABF9AC88A776801DA736F38EA44F3E7] [SPRF][11/08/2011] (...) -- C:\Users\Fille Marylène\AppData\Local\Temp\Installhelper.dll [1472952] [MD5.CACBF829D7545CB372EE355F86FA8E54] [SPRF][30/08/2012] (...) -- C:\Users\Fille Marylène\AppData\Local\Temp\MyiClaroTB.exe [888472] [MD5.64799A0A4118C6CCB56C8C8BD9DAE0C0] [SPRF][22/11/2010] (.Secure Digital Services Limited - OfferBox Browser setup.) -- C:\Users\Fille Marylène\AppData\Local\Temp\OB.exe [1732464] =>Adware.SPointer [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][25/10/2012] (...) -- C:\Users\Fille Marylène\AppData\Local\Temp\psqjjoij.dll [0] [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][25/10/2012] (...) -- C:\Users\Fille Marylène\AppData\Local\Temp\rcnaw05m.dll [0] [MD5.EABF93AEEA41C70627BF778D303505A6] [SPRF][19/08/2012] (.2YourFace.com - 2YourFace Installer - This file installs all the relevant addons.) -- C:\Users\Fille Marylène\AppData\Local\Temp\SetupAuto.exe [502690] =>Adware.2YourFace [MD5.2FEF4DA41B5F58E66D6DE6B318BF3004] [SPRF][30/04/2012] (.2YourFace.com - Keeps 2YourFace product up-to-date.) -- C:\Users\Fille Marylène\AppData\Local\Temp\SetupUpdater.exe [266256] =>Adware.2YourFace [MD5.72412B526BCC716382E62B7939DCFD8F] [SPRF][04/08/2011] (...) -- C:\Users\Fille Marylène\AppData\Local\Temp\SRAssetsHelper.dll [1085952] [MD5.4BE6D19628D9A182995C2F9F164EED3A] [SPRF][05/09/2011] (...) -- C:\Users\Fille Marylène\AppData\Local\Temp\thanks.bat [74] [MD5.F86C243BD627487837DD10259B3F0364] [SPRF][25/11/2012] (...) -- C:\Users\Fille Marylène\AppData\Roaming\wklnhst.dat [348] [MD5.2A665235EE16982136845E78789E69DC] [SPRF][09/08/2012] (.Iminent - Iminent Setup.) -- C:\Users\Fille Marylène\Desktop\20120702IminentSetup.exe [825976] =>Adware.IMBooster [MD5.30BD33048517B8C3F980F94D2F62BFD0] [SPRF][09/08/2012] (...) -- C:\Users\Fille Marylène\Desktop\codepratic.exe [232922768] ~ Files: 34 Legitimates Filtered in 00mn 11s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{7C7471D9-F822-4BE2-A9CB-E06A4C898686}" | In - Private - P6 - TRUE | .(.Vity - File Downloader.) -- C:\Program Files (x86)\CrazyLoader\crazyloader.exe =>Adware.SPointer O87 - FAEL: "{A96261B7-6526-4A30-9DA6-C8F7DFDC1E35}" | In - Private - P17 - TRUE | .(.Vity - File Downloader.) -- C:\Program Files (x86)\CrazyLoader\crazyloader.exe =>Adware.SPointer O87 - FAEL: "{5960BA5E-EA16-4BCE-90DA-F0935FBAA97B}" | In - Domain - P6 - TRUE | .(.MusicLab, LLC - BearShare.) -- C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe =>PUP.BearShare O87 - FAEL: "{A52A5F85-9B14-4CC6-8520-A94B7E58EECB}" | In - Domain - P17 - TRUE | .(.MusicLab, LLC - BearShare.) -- C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe =>PUP.BearShare O87 - FAEL: "TCP Query User{21400059-2064-4AAA-B02C-418DAFD5CE6B}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" | In - Private - P6 - TRUE | .(.MusicLab, LLC - BearShare.) -- C:\program files (x86)\bearshare applications\bearshare\bearshare.exe =>PUP.BearShare O87 - FAEL: "UDP Query User{311CEE04-690A-4422-9B0C-D0B7BA23703D}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" | In - Private - P17 - TRUE | .(.MusicLab, LLC - BearShare.) -- C:\program files (x86)\bearshare applications\bearshare\bearshare.exe =>PUP.BearShare O87 - FAEL: "{DAD8E967-A0A7-45AC-BB11-4D15D5F9A5FE}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe (.not file.) =>PUP.BearShare O87 - FAEL: "{704B5034-1F5E-4BC0-8EFF-436CD1A33363}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe (.not file.) =>PUP.BearShare O87 - FAEL: "{D2F72D59-D088-41BC-92B8-9A8E7EF5FF4C}" | In - None - P17 - TRUE | .(.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.exe =>Adware.IMBooster O87 - FAEL: "{CD99CEE2-3A2A-471F-B699-D9A43DDCE5E9}" | In - None - P17 - TRUE | .(.Iminent - Iminent.) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe =>Adware.IMBooster O87 - FAEL: "{9D5BDA82-FADD-4788-85CE-983D4B69E02B}" | In - Private - P6 - TRUE | .(...) -- C:\Users\Fille Marylène\AppData\Roaming\2YourFace\Updater.exe =>Adware.2YourFace O87 - FAEL: "{5696721B-F2F0-4213-8FED-DF4F6268A7F3}" | In - Private - P17 - TRUE | .(...) -- C:\Users\Fille Marylène\AppData\Roaming\2YourFace\Updater.exe =>Adware.2YourFace O87 - FAEL: "TCP Query User{31C61DEB-E0DB-4B0C-B954-E52818125FA9}C:\users\fille marylène\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Private - P6 - TRUE | .(...) -- C:\users\fille marylène\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb O87 - FAEL: "UDP Query User{D79A8464-B574-422B-8894-1E5B14AC2F6F}C:\users\fille marylène\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Private - P17 - TRUE | .(...) -- C:\users\fille marylène\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb O87 - FAEL: "TCP Query User{FEB830BE-0C96-4A9C-A089-EE01523FE837}C:\users\fille marylène\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Public - P6 - TRUE | .(...) -- C:\users\fille marylène\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb O87 - FAEL: "UDP Query User{BD273825-5357-4BA8-A038-5B84A7DB5881}C:\users\fille marylène\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Public - P17 - TRUE | .(...) -- C:\users\fille marylène\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb ~ Firewall: 220 Legitimates Filtered in 00mn 01s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "51A0A8BD6971A9842964924A97D842B9" . (.Iminent.) -- C:\Windows\Installer\{DB8A0A15-1796-489A-9246-29A4798D249B}\imbooster.ico =>Adware.IMBooster ~ Update Products: 117 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.26E0C4D2491269C7A3DBFF4C5305F7E6] [WIS][09/08/2012] (.Iminent - Iminent.) -- C:\Windows\Installer\1326b6.msi [8929280] =>Adware.IMBooster [MD5.22B7B0097575E1CEB1419E5379189754] [WIS][05/09/2011] (.SweetIM Technologies Ltd. - SweetIM for Messenger 3.4.) -- C:\Windows\Installer\45322.msi [2990592] =>PUP.SweetIM [MD5.9D6FA810CC81E8B92661BCEC1C94B039] [WIS][05/09/2011] (.Musiclab, LLC - BearShare.) -- C:\Windows\Installer\45327.msi [335872] =>PUP.BearShare [MD5.90CDD56121998FD4EBBF73196B382A50] [WIS][14/08/2012] (.IClaro - IClaroInstaller.) -- C:\Windows\Installer\be8cc.msi [182272] ~ WIS: 121 Legitimates Filtered in 00mn 16s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 14/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 04/08/2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SS - | Auto 17/10/2013 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SS - | Auto 29/10/2009 844320 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe SS - | Auto 29/07/2009 163840 | (EPSON_EB_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.exe SS - | Auto 29/07/2009 126464 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.exe SS - | Auto 28/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe SS - | Auto 10/08/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 10/08/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Auto 04/01/2012 3015168 | (MAJTuto) . (...) - C:\Users\Fille Marylène\AppData\Local\MAJTuto\MAJTuto.exe SS - | Demand 18/06/2009 50432 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe SS - | Auto 18/06/2009 144640 | (NTISchedulerSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Auto 23/11/2012 3057016 | (suppct_fr_3) . (...) - C:\Users\Fille Marylène\AppData\Local\pctuto_fr_3\suppct_fr_3.exe =>PUP.AgenceExclusive SS - | Auto 14/12/2011 2984832 | (TeamViewer7) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe SS - | Auto 04/07/2009 240160 | (Updater Service) . (.Acer.) - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe SS - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SS - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 20s ---\\ Scan Additionnel (O88) Database Version : 13024 - (17/01/2014) Clés trouvées (Keys found) : 605 Valeurs trouvées (Values found) : 5 Dossiers trouvés (Folders found) : 45 Fichiers trouvés (Files found) : 27 [HKLM\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh] =>PUP.Funmoods^ [HKLM\Software\Google\Chrome\Extensions\fikmanfpkongnopggnndbikhhicdpfka] =>Adware.SPointer^ [HKLM\Software\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl] =>Adware.IMBooster^ [HKLM\Software\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif] =>PUP.WhiteSmoke^ [HKLM\Software\Google\Chrome\Extensions\lmblfngognklgemafekefcdjcnkdhmdm] =>Adware.2YourFace^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}] =>PUP.ClaroSearch^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}] =>Adware.2YourFace^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{293A63F7-C3B6-423A-9845-901AC0A7EE6E}] =>PUP.AgenceExclusive^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{462BE121-2B54-4218-BF00-B9BF8135B23F}] =>PUP.WhiteSmoke^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493F-B0DA-6D2FC5E6429E}] =>PUP.Datamngr^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}] =>PUP.Funmoods^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}] =>PUP.Eorezo^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}] =>PUP.Datamngr^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5F65718-341D-4E7D-9842-FCB9CC89527E}] =>Adware.SPointer^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>Adware.SPointer^ [HKLM\SYSTEM\CurrentControlSet\Services\suppct_fr_3] =>PUP.AgenceExclusive^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\2YourFace] =>Adware.2YourFace^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BearShare] =>PUP.BearShare^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F624839-947D-46EA-BD63-FD847C1AC6F1}] =>PUP.BearShare^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\claro] =>PUP.ClaroSearch^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\CrazyLoader] =>Adware.SPointer^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\funmoods] =>PUP.Funmoods^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DB8A0A15-1796-489A-9246-29A4798D249B}] =>Adware.IMBooster^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BearShare 2 MediaBar] =>PUP.BearShare^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCTuto_is1] =>PUP.AgenceExclusive^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCTuto Maj_is1] =>PUP.AgenceExclusive^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1] =>Rogue.RegistryPowerCleaner^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F70AE624-2B41-476F-BC9C-0A7F158C3F15}] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdatePCTuto_is1] =>PUP.AgenceExclusive^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US_New Toolbar] =>PUP.WhiteSmoke^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\eoRezo_is1] =>PUP.Eorezo^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\majpctuto_fr_3_is1] =>PUP.AgenceExclusive^ [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR] =>PUP.Datamngr^ [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM] =>PUP.SweetIM^ [HKLM\Software\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}] =>Adware.IMBooster [HKLM\Software\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}] =>Hijacker.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}] =>Hijacker.Agent [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}] =>Hijacker.Agent [HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster [HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster [HKLM\Software\Classes\TypeLib\{0BF73E27-2734-4F7B-925A-4BBB1457F5FA}] =>PUP.Eorezo [HKLM\Software\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}] =>PUP.Funmoods [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}] =>PUP.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{18AF7201-4F14-4BCF-93FE-45617CF259FF}] =>PUP.Eorezo [HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}] =>PUP.Funmoods [HKLM\Software\Classes\AppID\{1fc41815-fa4c-4f8b-b143-2c045c8ea2fc}] =>PUP.Kiwee [HKLM\Software\Wow6432Node\Classes\AppID\{1fc41815-fa4c-4f8b-b143-2c045c8ea2fc}] =>PUP.Kiwee [HKLM\Software\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}] =>PUP.iMesh [HKLM\Software\Wow6432Node\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}] =>PUP.iMesh [HKLM\Software\Classes\TypeLib\{252c2315-cce0-4446-8da7-c00292a690ba}] =>PUP.iMesh [HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{293A63F7-C3B6-423A-9845-901AC0A7EE6E}] =>PUP.Eorezo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{293A63F7-C3B6-423A-9845-901AC0A7EE6E}] =>PUP.Eorezo [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{293A63F7-C3B6-423A-9845-901AC0A7EE6E}] =>PUP.Eorezo [HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade [HKLM\Software\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}] =>PUP.iMesh [HKLM\Software\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}] =>PUP.iMesh [HKLM\Software\Wow6432Node\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}] =>PUP.iMesh [HKLM\Software\Classes\Interface\{471E3998-588E-41D5-A874-FA11C44B70DE}] =>PUP.OfferBox [HKLM\Software\Wow6432Node\Classes\Interface\{471E3998-588E-41D5-A874-FA11C44B70DE}] =>PUP.OfferBox [HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}] =>PUP.SweetIM [HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon [HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon [HKLM\Software\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}] =>PUP.iMesh [HKLM\Software\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}] =>PUP.iMesh [HKLM\Software\Wow6432Node\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}] =>PUP.iMesh [HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}] =>PUP.ClaroSearch [HKLM\Software\Classes\TypeLib\{63AF3145-D2DC-4F1D-BB3A-3AAD9FEC3430}] =>PUP.OfferBox [HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6DF77AA3-27AF-46f2-A1DA-B569AC6BEEFF}] =>PUP.OfferBox [HKLM\Software\Classes\Interface\{6F6C45E4-E231-4F0F-8CD8-AA5770303EAA}] =>PUP.OfferBox [HKLM\Software\Wow6432Node\Classes\Interface\{6F6C45E4-E231-4F0F-8CD8-AA5770303EAA}] =>PUP.OfferBox [HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade [HKLM\Software\Classes\AppID\{756C097C-6BDB-45de-A8F1-83E01AB86BA4}] =>PUP.BearShare [HKLM\Software\Wow6432Node\Classes\AppID\{756C097C-6BDB-45de-A8F1-83E01AB86BA4}] =>PUP.BearShare [HKLM\Software\Classes\AppID\{759F1421-4D31-4C1F-8C51-E4956A037676}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\AppID\{759F1421-4D31-4C1F-8C51-E4956A037676}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}] =>PUP.Funmoods [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424c-BB9F-74C6899B9F92}] =>Adware.Bandoo [HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade [HKLM\Software\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}] =>PUP.Funmoods [HKLM\Software\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}] =>PUP.Funmoods [HKLM\Software\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}] =>PUP.SweetIM [HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}] =>Hijacker.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}] =>Hijacker.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}] =>PUP.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}] =>PUP.Funmoods [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade [HKLM\Software\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}] =>PUP.iMesh [HKLM\Software\Wow6432Node\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}] =>PUP.iMesh [HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade [HKLM\Software\Classes\AppID\{AFBB7970-789A-4264-BA70-E8127DECE400}] =>PUP.Eorezo [HKLM\Software\Wow6432Node\Classes\AppID\{AFBB7970-789A-4264-BA70-E8127DECE400}] =>PUP.Eorezo [HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade [HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}] =>PUP.iMesh [HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}] =>PUP.Eorezo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}] =>PUP.Eorezo [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}] =>PUP.Eorezo [HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}] =>Adware.IMBooster [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5F65718-341D-4e7d-9842-FCB9CC89527E}] =>Adware.SPointer [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5F65718-341D-4e7d-9842-FCB9CC89527E}] =>Adware.SPointer [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5F65718-341D-4e7d-9842-FCB9CC89527E}] =>Adware.SPointer [HKLM\Software\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D4E856E7-C034-49BA-BFEF-B785F3CBD7BA}] =>PUP.OfferBox [HKLM\Software\Wow6432Node\Classes\Interface\{D4E856E7-C034-49BA-BFEF-B785F3CBD7BA}] =>PUP.OfferBox [HKLM\Software\Classes\TypeLib\{D530F69A-EB2D-4EC6-BD37-E123AEFCA011}] =>PUP.OfferBox [HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon [HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{DB7A9C36-6C85-48BE-BA8D-151B6B144BE0}] =>PUP.OfferBox [HKLM\Software\Wow6432Node\Classes\Interface\{DB7A9C36-6C85-48BE-BA8D-151B6B144BE0}] =>PUP.OfferBox [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DBA4B812-2415-4000-AFCB-56F53E668DC5}] =>PUP.OfferBox [HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{DF76E9B7-35EC-46FC-AF56-5B79DED9D64F}] =>PUP.Eorezo [HKLM\Software\Wow6432Node\Classes\Interface\{DF76E9B7-35EC-46FC-AF56-5B79DED9D64F}] =>PUP.Eorezo [HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{E2ED56B6-35FC-4484-9530-EC87FB458E78}] =>PUP.Eorezo [HKLM\Software\Wow6432Node\Classes\Interface\{E2ED56B6-35FC-4484-9530-EC87FB458E78}] =>PUP.Eorezo [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{F77F3DFC-F5DC-4316-AB50-B50B16F2BEF4}] =>PUP.OfferBox [HKLM\Software\Wow6432Node\Classes\Interface\{F77F3DFC-F5DC-4316-AB50-B50B16F2BEF4}] =>PUP.OfferBox [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>Hijacker.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>Hijacker.Agent [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>Hijacker.Agent [HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade [HKLM\Software\Classes\AppID\BearShare.exe] =>PUP.BearShare [HKLM\Software\Classes\AppID\DiscoveryHelper.DLL] =>PUP.BearShare [HKLM\Software\Classes\AppID\eoenginebho.dll] =>PUP.Eorezo [HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon [HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon [HKLM\Software\Classes\AppID\escorteng.dll] =>PUP.Babylon [HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon [HKLM\Software\Classes\AppID\GIFAnimator.DLL] =>PUP.BearShare [HKLM\Software\Classes\AppID\IMTrProgress.DLL] =>PUP.BearShare [HKLM\Software\Classes\AppID\IMWeb.DLL] =>PUP.BearShare [HKLM\Software\Classes\AppID\PCTutoBHO.DLL] =>Spyware.AgenceExclusive [HKLM\Software\Classes\AppID\WMHelper.DLL] =>PUP.BearShare [HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\sweetim.exe] =>PUP.SweetIM [HKLM\Software\Classes\DiscoveryHelper.iMesh6Discovery] =>PUP.iMesh [HKLM\Software\Classes\DiscoveryHelper.iMesh6Discovery.1] =>PUP.iMesh [HKLM\Software\Classes\eoenginebho.eobho] =>PUP.Eorezo [HKLM\Software\Classes\eoenginebho.eobho.1] =>PUP.Eorezo [HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods [HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKLM\Software\Classes\esrv.funmoodsESrvc] =>PUP.Funmoods [HKLM\Software\Classes\esrv.funmoodsESrvc.1] =>PUP.Funmoods [HKLM\Software\Classes\f] =>PUP.Funmoods [HKLM\Software\Classes\funmoods.dskBnd] =>PUP.Funmoods [HKLM\Software\Classes\funmoods.dskBnd.1] =>PUP.Funmoods [HKLM\Software\Classes\imweb.imwebcontrol] =>PUP.iMesh [HKLM\Software\Classes\PCTutoBHO.PCTBHO] =>Spyware.AgenceExclusive [HKLM\Software\Classes\PCTutoBHO.PCTBHO.1] =>Spyware.AgenceExclusive [HKLM\Software\Classes\sim-packages] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom] =>PUP.OfferBox [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F70AE624-2B41-476F-BC9C-0A7F158C3F15}] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl] =>Adware.IMBooster [HKCU\Software\2YourFace] =>Adware.2YourFace [HKLM\Software\Wow6432Node\BabylonToolbar] =>PUP.Babylon [HKLM\Software\Wow6432Node\BearShareMediabarTb] =>Toolbar.Agent [HKCU\Software\cacaoweb] =>PUP.CacaoWeb [HKLM\Software\CrazyLoader] =>Adware.SPointer [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo [HKCU\Software\eorezo] =>PUP.Eorezo [HKLM\Software\Wow6432Node\eorezo] =>PUP.Eorezo [HKCU\Software\Iminent] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster [HKCU\Software\OfferBox] =>PUP.OfferBox [HKLM\Software\Wow6432Node\OfferBox] =>PUP.OfferBox [HKCU\Software\PCTuto] =>Spyware.AgenceExclusive [HKLM\Software\Wow6432Node\PCTuto] =>Spyware.AgenceExclusive [HKCU\Software\Softonic] =>Toolbar.Conduit [HKCU\Software\Spointer] =>Adware.SPointer [HKCU\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM [HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit [HKCU\Software\Tuto4pc] =>PUP.Eorezo [HKCU\Software\Tutorials] =>Spyware.AgenceExclusive [HKLM\Software\Wow6432Node\Microsoft\Tracing\Babylon_RASAPI32] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\Babylon_RASMANCS] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\2YourFace] =>Adware.2YourFace [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\claro] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PCTuto Avast_is1] =>Spyware.AgenceExclusive [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PCTuto Maj_is1] =>Spyware.AgenceExclusive [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PcTuto_is1] =>Spyware.AgenceExclusive [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UpdatePCTuto_is1] =>Spyware.AgenceExclusive [HKLM\Software\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}] =>Toolbar.Conduit [HKCU\Software\JavaSoft\Prefs\crazyloader] =>Adware.SPointer [HKLM\Software\Classes\Prod.cap] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox [HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox [HKLM\Software\Classes\Installer\Features\426EA07F14B2F674CBC9A0F751C8F351] =>PUP.SweetIM [HKLM\Software\Classes\Installer\Products\426EA07F14B2F674CBC9A0F751C8F351] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\426EA07F14B2F674CBC9A0F751C8F351] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Classes\Installer\Features\426EA07F14B2F674CBC9A0F751C8F351] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Classes\Installer\Products\426EA07F14B2F674CBC9A0F751C8F351] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\fikmanfpkongnopggnndbikhhicdpfka] =>Adware.SPointer [HKLM\Software\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}] =>PUP.ClaroSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma [HKLM\Software\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}] =>PUP.Funmoods [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432] =>PUP.SweetIM [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\LMBLFNGOGNKLGEMAFEKEFCDJCNKDHMDM] =>PUP.Babylon [HKLM\Software\Classes\MediaPlayer.GraphicsUtils] =>PUP.SweetIM [HKLM\Software\Classes\MediaPlayer.GraphicsUtils.1] =>PUP.SweetIM [HKLM\Software\Classes\MgMediaPlayer.GifAnimator] =>PUP.SweetIM [HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] =>PUP.SweetIM [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}] =>PUP.BearShare [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}] =>PUP.BearShare [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}] =>PUP.BearShare [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}] =>PUP.BearShare [HKLM\Software\Classes\AppID\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}] =>PUP.ClaroSearch [HKLM\Software\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\AppID\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}] =>PUP.ClaroSearch [HKLM\Software\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}] =>PUP.ClaroSearch [HKLM\Software\Classes\esrv.claroESrvc.1] =>PUP.ClaroSearch [HKLM\Software\Classes\esrv.claroESrvc] =>PUP.ClaroSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\175C300D9A9FB725484BA7DCEE4B56B8] =>PUP.ClaroSearch [HKLM\Software\Classes\Installer\Features\6F43FA474FCAC834C9E7AF30706BE054] =>PUP.ClaroSearch [HKLM\Software\Classes\Installer\Products\6F43FA474FCAC834C9E7AF30706BE054] =>PUP.ClaroSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6F43FA474FCAC834C9E7AF30706BE054] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Installer\Features\6F43FA474FCAC834C9E7AF30706BE054] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Installer\Products\6F43FA474FCAC834C9E7AF30706BE054] =>PUP.ClaroSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5C8B5FB7CB5DD447A0BAAAF637FBD77] =>PUP.ClaroSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF96568971BEAC14B8815883832BD484] =>PUP.ClaroSearch [HKCU\Software\Microsoft\IClaroDirectory] =>PUP.ClaroSearch [HKLM\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}] =>Toolbar.Conduit [HKLM\Software\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS] =>Toolbar.Conduit [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A] =>Adware.IMBooster [HKLM\Software\Classes\AppID\BabylonHelper.EXE] =>PUP.Babylon [HKLM\Software\Classes\funmoods.funmoodsHlpr] =>PUP.Funmoods [HKLM\Software\Classes\funmoods.funmoodsHlpr.1] =>PUP.Funmoods [HKLM\Software\Classes\funmoodsApp.appCore] =>PUP.Funmoods [HKLM\Software\Classes\funmoodsApp.appCore.1] =>PUP.Funmoods [HKLM\Software\Classes\iminent] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Business.Tinyfying.DownloadArgs] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Business.Tinyfying.RawDataArgs] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Business.Tinyfying.TinyUrlArgs] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Business.Tinyfying.ViralLinkArgs] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.ClientCallback] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.ContractBase] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.ServerCommand] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.Communication.ServerResult] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.LightContent] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.LightUri] =>Adware.IMBooster [HKLM\Software\Classes\Iminent.Mediator.MediatorServiceProxy] =>Adware.IMBooster [HKLM\Software\Classes\IminentWebBooster.ActiveContentHandle.1] =>Adware.IMBooster [HKLM\Software\Classes\IminentWebBooster.ActiveContentHandler] =>Adware.IMBooster [HKLM\Software\Classes\IminentWebBooster.BrowserHelperObject] =>Adware.IMBooster [HKLM\Software\Classes\IminentWebBooster.BrowserHelperObject.1] =>Adware.IMBooster [HKLM\Software\Classes\IminentWebBooster.ScriptExtender] =>Adware.IMBooster [HKLM\Software\Classes\IminentWebBooster.ScriptExtender.1] =>Adware.IMBooster [HKLM\Software\Classes\IminentWebBooster.TinyUrlHandler] =>Adware.IMBooster [HKLM\Software\Classes\IminentWebBooster.TinyUrlHandler.1] =>Adware.IMBooster [HKLM\Software\Classes\Crazyloader.Spointer] =>Adware.SPointer [HKLM\Software\Classes\Crazyloader.Spointer.1] =>Adware.SPointer [HKLM\Software\Classes\Crazyloader.SpointerCtrl] =>Adware.SPointer [HKLM\Software\Classes\Crazyloader.SpointerCtrl.1] =>Adware.SPointer [HKLM\Software\Classes\Crazyloader.SpointerWebDisp] =>Adware.SPointer [HKLM\Software\Classes\Crazyloader.SpointerWebDisp.1] =>Adware.SPointer [HKLM\Software\Classes\Toolbar.CT3244149] =>Toolbar.Conduit [HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods [HKLM\Software\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\EoEngineBHO.EOBHO] =>PUP.Eorezo [HKLM\Software\Wow6432Node\Classes\EoEngineBHO.EOBHO.1] =>PUP.Eorezo [HKLM\Software\Wow6432Node\Classes\escort.escortIEPane] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\esrv.funmoodsESrvc] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\esrv.funmoodsESrvc.1] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\funmoods.dskBnd] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\funmoods.dskBnd.1] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\funmoods.funmoodsHlpr] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\funmoods.funmoodsHlpr.1] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\funmoodsApp.appCore] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\funmoodsApp.appCore.1] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\iminent] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.DownloadArgs] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.RawDataArgs] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.TinyUrlArgs] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Business.Tinyfying.ViralLinkArgs] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.ClientCallback] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.ContractBase] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.ServerCommand] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.Communication.ServerResult] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.LightContent] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.LightUri] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Iminent.Mediator.MediatorServiceProxy] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ActiveContentHandle.1] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ActiveContentHandler] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\IminentWebBooster.BrowserHelperObject] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\IminentWebBooster.BrowserHelperObject.1] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ScriptExtender] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ScriptExtender.1] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\IminentWebBooster.TinyUrlHandler] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\IminentWebBooster.TinyUrlHandler.1] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Crazyloader.Spointer] =>Adware.SPointer [HKLM\Software\Wow6432Node\Classes\Crazyloader.Spointer.1] =>Adware.SPointer [HKLM\Software\Wow6432Node\Classes\Crazyloader.SpointerCtrl] =>Adware.SPointer [HKLM\Software\Wow6432Node\Classes\Crazyloader.SpointerCtrl.1] =>Adware.SPointer [HKLM\Software\Wow6432Node\Classes\Crazyloader.SpointerWebDisp] =>Adware.SPointer [HKLM\Software\Wow6432Node\Classes\Crazyloader.SpointerWebDisp.1] =>Adware.SPointer [HKLM\Software\Wow6432Node\Classes\Toolbar.CT3244149] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\AppID\EoEngineBHO.DLL] =>PUP.Eorezo [HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL] =>Adware.IMBooster [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}] =>Adware.Bandoo^ [HKLM\Software\Classes\claro.claroappCore] =>PUP.ClaroSearch^ [HKLM\Software\Classes\claro.claroappCore.1] =>PUP.ClaroSearch^ [HKLM\Software\Classes\claro.clarodskBnd] =>PUP.ClaroSearch^ [HKLM\Software\Classes\claro.clarodskBnd.1] =>PUP.ClaroSearch^ [HKLM\Software\Classes\claro.claroHlpr] =>PUP.ClaroSearch^ [HKLM\Software\Classes\claro.claroHlpr.1] =>PUP.ClaroSearch^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^ [HKLM\Software\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}] =>Toolbar.Conduit^ [HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{462be121-2b54-4218-bf00-b9bf8135b23f} =>PUP.WhiteSmoke^ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:cacaoweb =>PUP.CacaoWeb^ [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:EoRezo =>PUP.Eorezo^ [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:autoupdater =>PUP.AgenceExclusive^ [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar]:{9E131A93-EED7-4BEB-B015-A0ADB30B5646} =>PUP.ClaroSearch C:\Users\Fille Marylène\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh =>PUP.Funmoods^ C:\Users\Fille Marylène\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikmanfpkongnopggnndbikhhicdpfka =>Adware.SPointer^ C:\Users\Fille Marylène\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl =>Adware.IMBooster^ C:\Users\Fille Marylène\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif =>PUP.WhiteSmoke^ C:\Users\Fille Marylène\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmblfngognklgemafekefcdjcnkdhmdm =>Adware.2YourFace^ C:\Program Files (x86)\Claro LTD =>PUP.ClaroSearch^ C:\Program Files (x86)\CrazyLoader =>Adware.SPointer^ C:\Program Files (x86)\eoRezo =>PUP.Eorezo^ C:\Program Files (x86)\Funmoods =>PUP.Funmoods^ C:\Program Files (x86)\Iminent =>Adware.IMBooster^ C:\Program Files (x86)\majpctuto =>PUP.AgenceExclusive^ C:\Program Files (x86)\majpctuto_fr_3 =>PUP.AgenceExclusive^ C:\Program Files (x86)\OfferBox =>PUP.OfferBox^ C:\Program Files (x86)\PCTuto =>PUP.AgenceExclusive^ C:\Program Files (x86)\RegClean Pro =>Rogue.RegistryPowerCleaner^ C:\Program Files (x86)\SweetIM =>PUP.SweetIM^ C:\Program Files (x86)\WhiteSmoke_US_New =>PUP.WhiteSmoke^ C:\ProgramData\BearShare =>PUP.BearShare^ C:\ProgramData\Iminent =>Adware.IMBooster^ C:\ProgramData\SweetIM =>PUP.SweetIM^ C:\Users\Fille Marylène\AppData\Roaming\2YourFace =>Adware.2YourFace^ C:\Users\Fille Marylène\AppData\Roaming\cacaoweb =>PUP.CacaoWeb^ C:\Users\Fille Marylène\AppData\Roaming\CrazyLoader =>Adware.SPointer^ C:\Users\Fille Marylène\AppData\Roaming\EoRezo =>PUP.Eorezo^ C:\Users\Fille Marylène\AppData\Roaming\Iminent =>Adware.IMBooster^ C:\Users\Fille Marylène\AppData\Roaming\OfferBox =>PUP.OfferBox^ C:\Users\Fille Marylène\AppData\Roaming\PCtuto =>PUP.AgenceExclusive^ C:\Users\Fille Marylène\AppData\Local\BearShare =>PUP.BearShare^ C:\Users\Fille Marylène\AppData\Local\crazyloader Air =>Adware.SPointer^ C:\Users\Fille Marylène\AppData\Local\eojet =>PUP.Eorezo^ C:\Users\Fille Marylène\AppData\Local\EoRezo =>PUP.Eorezo^ C:\Users\Fille Marylène\AppData\Local\pctuto_fr_3 =>PUP.AgenceExclusive^ C:\Users\Fille Marylène\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrazyLoader =>Adware.SPointer^ C:\Program Files (x86)\BearShare Applications =>PUP.BearShare C:\Program Files (x86)\Conduit =>Toolbar.Conduit C:\ProgramData\Partner =>Spyware.Partner C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent =>Adware.IMBooster C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuto =>Spyware.AgenceExclusive C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro =>Rogue.RegistryPowerCleaner C:\Users\Fille Marylène\AppData\Local\Conduit =>Toolbar.Conduit C:\Users\Fille Marylène\AppData\Local\MAJTuto =>Spyware.AgenceExclusive C:\Users\Fille Marylène\AppData\LocalLow\Conduit =>Toolbar.Conduit C:\Users\Fille Marylène\AppData\LocalLow\mediabarbs =>PUP.BearShare C:\Users\Fille Marylène\AppData\LocalLow\WhiteSmoke_US_New =>PUP.Whitesmoke C:\Users\Fille Marylène\AppData\Local\Temp\Iminent =>Adware.IMBooster C:\Windows\Tasks\RegClean Pro_DEFAULT.job =>Rogue.RegistryPowerCleaner^ C:\Windows\Tasks\RegClean Pro_UPDATES.job =>Rogue.RegistryPowerCleaner^ [HKCU\Software\BearShare] =>PUP.BearShare^ [HKCU\Software\Claro LTD] =>PUP.ClaroSearch^ [HKCU\Software\Conduit] =>Toolbar.Conduit^ [HKCU\Software\EoRezo] =>PUP.Eorezo^ [HKCU\Software\TutoTag] =>Spyware.AgenceExclusive^ [HKCU\Software\tuto4pc] =>PUP.Eorezo^ [HKLM\Software\Wow6432Node\Claro LTD] =>PUP.ClaroSearch^ [HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^ [HKLM\Software\Wow6432Node\EoRezo] =>PUP.Eorezo^ [HKLM\Software\Wow6432Node\MajPCTuto] =>PUP.AgenceExclusive^ [HKLM\Software\Wow6432Node\WhiteSmoke_US_New] =>PUP.WhiteSmoke^ C:\Users\Fille Marylène\AppData\Local\Temp\2YourFace.exe =>Adware.2YourFace^ C:\Users\Fille Marylène\AppData\Local\Temp\BearShare_setup.exe =>PUP.BearShare^ C:\Users\Fille Marylène\AppData\Local\Temp\OB.exe =>Adware.SPointer^ C:\Users\Fille Marylène\AppData\Local\Temp\SetupAuto.exe =>Adware.2YourFace^ C:\Users\Fille Marylène\AppData\Local\Temp\SetupUpdater.exe =>Adware.2YourFace^ C:\Users\Fille Marylène\Desktop\20120702IminentSetup.exe =>Adware.IMBooster^ C:\Windows\Installer\1326b6.msi =>Adware.IMBooster^ C:\Windows\Installer\45322.msi =>PUP.SweetIM^ C:\Windows\Installer\45327.msi =>PUP.BearShare^ C:\Users\Fille Marylène\Downloads\cacaoweb.exe =>PUP.CacaoWeb C:\Users\Fille Marylène\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon C:\Users\Fille Marylène\AppData\Local\Temp\MyiClaroTB.exe =>PUP.ClaroSearch ~ Additionnel Scan: 327951 Items scanned in 00mn 55s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods ~ http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster ~ http://nicolascoolman.webs.com/apps/blog/show/27636417-pup-whitesmoke =>PUP.WhiteSmoke ~ http://nicolascoolman.webs.com/apps/blog/show/26593722-adware-2yourface =>Adware.2YourFace ~ http://nicolascoolman.webs.com/apps/blog/show/27563212-pup-clarosearch =>PUP.ClaroSearch ~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr ~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo ~ http://nicolascoolman.webs.com/apps/blog/show/29295819-rogue-registrypowercleaner =>Rogue.RegistryPowerCleaner ~ http://nicolascoolman.webs.com/apps/blog/show/28606910-pup-offerbox =>PUP.OfferBox ~ http://nicolascoolman.webs.com/apps/blog/show/26705717-pup-bearshare =>PUP.BearShare ~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM ~ http://nicolascoolman.webs.com/apps/blog/show/26627641-spyware-agenceexclusive =>Spyware.AgenceExclusive ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon ~ http://nicolascoolman.webs.com/apps/blog/show/28000037-pup-rewardsarcade =>PUP.RewardsArcade ~ http://nicolascoolman.webs.com/apps/blog/show/28863080-toolbar-kiwee =>PUP.Kiwee ~ http://nicolascoolman.webs.com/apps/blog/show/28441146-pup-imesh =>PUP.iMesh ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo ~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma ~ http://nicolascoolman.webs.com/apps/blog/show/28193283-spyware-partner =>Spyware.Partner ~ MSI: 22 link(s) detected in 00mn 56s ~ 1259 Legitimates filtered by white list End of the scan (1265 lines in 03mn 54s)(0)