Rapport de ZHPDiag v2013.4.29.177 par Nicolas Coolman, Update du 29/04/2013
Run by jeremy at 29/04/2013 21:32:40
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by user


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16540
MFIE: Mozilla Firefox 20.0.1 (Defaut)
GCIE: Google Chrome v25.0.1364.172
OPIE: Opera v12.12

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Malwarebytes Anti-Malware version 1.75.0.1300
Trend Micro Titanium v6.00
Spybot - Search & Destroy v1.6.2
Windows Defender W7

---\\ System Optimizer
CCleaner v4.00

---\\ Peer To Peer (P2P)
µTorrent v3.2.3.28705

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 17
Java 7 Update 21

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 375 GB (64%) free of 584 GB

---\\ Logged in mode
~ Computer Name: JEREMY-PC
~ User Name: jeremy
~ All Users Names: jeremy, HomeGroupUser$, Autorisation, Administrateur, 
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\jeremy\AppData\Roaming\
~ %Desktop% : C:\Users\jeremy\Desktop\
~ %Favorites% : C:\Users\jeremy\Favorites\
~ %LocalAppData% : C:\Users\jeremy\AppData\Local\
~ %StartMenu% : C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 375 Go of 584 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 12 Go)
E:\ CD-ROM drive (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 36 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.753C0848AE7872A3F59663078A517293] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/02/2013 - 11:15:07.) -- C:\Windows\System32\wininet.dll [2240512]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 4/2263
~ Mes musiques (My Musics) : 2/4021
~ Mes Videos (My Videos) : 2/23
~ Mes Favoris (My Favorites) : 1/54
~ Mes Documents (My Documents) : 2/5257
~ Mon Bureau (My Desktop) : 3/11159
~ Menu demarrer (Programs) : 1/14
~ Hidden Files:  Scanned in 00mn 17s



---\\ Processus lancés
[MD5.2A3FB4C98F139038E23330D2439DB8A4] - (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\jeremy\AppData\Local\Facebook\Update\FacebookUpdate.exe   [138096] [PID.2488]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   [253816] [PID.3336]
[MD5.5516C26A6AF8EB4E2CAB48EC98A74398] - (.Hewlett-Packard - hpwuSchd Application.) -- c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe   [54576] [PID.3708]
[MD5.6F5386A655598F71BAAB2D6B63A69D6A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe   [920472] [PID.4740]
[MD5.9213C294BBFCAA9AA063367A1647452B] - (.Alexander Roshal - WinRAR archiver.) -- C:\Program Files (x86)\WinRAR\WinRAR.exe   [1159168] [PID.3968]
[MD5.E508B0095D4871A6DB4AB32B878501EE] - (.Pas de propriétaire - hpgs2wnf Module.) -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe   [65536] [PID.4812]
[MD5.76B5DBAFD3E49DF607D0556018336AEF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [7089152] [PID.4116]
[MD5.85D5E6AC46A2AE4672C1AC813AE45B95] - (.Microsoft Corp. - Bing Desktop updating service.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe   [168592] [PID.1624]
[MD5.2238B91AC1A12CC6CC4C4FED41258B2A] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe   [73728] [PID.1828]
[MD5.837608240884733792DDAE81E50B802A] - (.Microsoft Corporation - SQL Server Windows NT.) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe   [29293408] [PID.1900]
[MD5.86EBD8B1F23E743AAD21F4D5B4D40985] - (.Microsoft Corporation - SQL Browser Service EXE.) -- c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe   [238944] [PID.384]
[MD5.01CC3B9349B244C752CDD99EFDA080BB] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe   [3560800] [PID.2300]
[MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe   [1153368] [PID.2556]
~ Processes Running:  Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Chrome Web Store v.0.1 ()
G2 - GCE: Preference [User Data\Default] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 ()
G2 - GCE: Preference [User Data\Default] [fpgkjhpjldibdbbppfcabadmpfenkdfe] FS Extension v.1.0.0.3394 (Désactivé)
G2 - GCE: Preference [User Data\Default] [gkcbebbklfkjeocpmoamnopdllfekind] General Downloader plugin v.1.0.1 (Désactivé)
G2 - GCE: Preference [User Data\Default] [heoldelcflnigdllmlopiefhkkobendj] TrendMicro Toolbar v.6.0.0.1318, (Désactivé)
G2 - GCE: Preference [User Data\Default] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Désactivé)
~ Google Browser:  Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
C:\Users\jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js
C:\Users\jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\0\user.js
C:\Users\jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\jeremy\prefs.js (.not file.)
C:\Users\jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\jeremy\user.js
M3 - MFPP: Plugins - [jeremy] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\fileserve.xml
M2 - MFEP: prefs.js [jeremy - 0\plugin@yontoo.com] [] Yontoo v1.20.00 (..)  =>PUP.Yontoo
M2 - MFEP: prefs.js [jeremy - jeremy\plugin@yontoo.com] [] Yontoo v1.20.00 (..)  =>PUP.Yontoo
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - 1.9.0042.0.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npLegitCheckPlugin.dll
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - 2.0.0048.0.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npOGAPlugin.dll
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (.Pas de propriétaire - Provides additional functionality on Facebook. See <a href="http://www.) -- C:\Users\jeremy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.4] - (.Pas de propriétaire - Provides additional functionality on Facebook. See <a href="http://www.) -- C:\Users\jeremy\AppData\Roaming\Facebook\npfbplugin_1_0_4.dll
~ Firefox Browser: 30 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: (no name) [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) [64Bits] - {d7f26d0e-9801-45c3-a091-8a65e4ed73b5} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.)
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\SysWOW64\userinit.exe,"C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: QFX Software KeyScrambler [64Bits] - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} . (.QFX Software Corporation - KeyScrambler Program DLL.) -- C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: IE AdBlock [64Bits] - {46B37057-5BA8-4014-B28D-6448FD171A3E} . (.CatenaLogic - Internet Explorer Browser Extension to bloc.) -- C:\Program Files (x86)\IE AdBlock\IE AdBlock.dll
O2 - BHO: Spybot-S&D IE Protection [64Bits] - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
~ BHO: 13 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
~ Toolbar:  Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Trend Micro Titanium] . (.Trend Micro Inc. - Trend Micro Client Main Console.) -- C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe 
O4 - HKLM\..\Run: [SmartMenu] . (.Pas de propriétaire - SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe 
O4 - HKLM\..\Run: [Trend Micro Client Framework] . (.Trend Micro Inc. - Trend Micro Client Session Agent Monitor.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe 
O4 - HKLM\..\Run: [Zune Launcher] . (.Microsoft Corporation - Zune Auto-Launcher.) -- C:\Program Files\Zune\ZuneLauncher.exe 
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\jeremy\AppData\Local\Facebook\Update\FacebookUpdate.exe 
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe 
O4 - HKLM\..\Wow6432Node\Run: [BingDesktop] . (.Microsoft Corp. - Bing Desktop Application.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe 
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe 
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe 
O4 - HKUS\S-1-5-21-3817708357-2392638510-768260211-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\jeremy\AppData\Local\Facebook\Update\FacebookUpdate.exe 
O4 - HKUS\S-1-5-21-3817708357-2392638510-768260211-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe 
~ Application:  Scanned in 00mn 01s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: fTalk.lnk . (.Bandoo Media Inc. - fTalk.)  -- C:\Users\jeremy\AppData\Local\fTalk\ftalk.exe   =>Adware.Bandoo
O4 - GS\TaskBar: HP MediaSmart.lnk . (...)  -- C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (.not file.)
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
O4 - GS\TaskBar: Skype .lnk . (.Skype Technologies S.A. - Skype.)  -- C:\Program Files (x86)\Skype\Phone\Skype.exe 
O4 - GS\TaskBar: Windows Explorer (3).lnk . (.Microsoft Corporation - Explorateur Windows.)  -- C:\Windows\explorer.exe 
O4 - GS\TaskBar: Windows Explorer (4).lnk . (.Microsoft Corporation - Explorateur Windows.)  -- C:\Windows\explorer.exe 
O4 - GS\TaskBar: Windows Live Messenger .lnk . (.Microsoft Corporation - Windows Live Messenger.)  -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe 
O4 - GS\Programs: fTalk.lnk . (.Bandoo Media Inc. - fTalk.)  -- C:\Users\jeremy\AppData\Local\fTalk\ftalk.exe   =>Adware.Bandoo
O4 - GS\Programs: Jouer (GameXN).lnk . (.GameXN AS - Game Organizer.)  -- C:\ProgramData\GameXN\GameXNGO.exe 
O4 - GS\QuickLaunch: Easy Audio Cutter.lnk . (.Koyote Soft - Pas de description.)  -- C:\Program Files (x86)\Free Audio Pack\Easy Audio Cutter\AudioCutter.exe 
O4 - GS\QuickLaunch: Free CD Ripper.lnk . (.Koyote Soft - FreeCDRipper.)  -- C:\Program Files (x86)\Free Audio Pack\Free CD Ripper\FreeCDRipper.exe 
O4 - GS\QuickLaunch: Free Mp3 Wma Converter.lnk . (.Koyote Soft - Free Audio Converter.)  -- C:\Program Files (x86)\Free Audio Pack\FreeConverter\FreeConverter.exe 
O4 - GS\QuickLaunch: Free Music Zilla.lnk . (...)  -- C:\Program Files (x86)\Free Music Zilla\FMZilla.exe
O4 - GS\QuickLaunch: fTalk.lnk . (.Bandoo Media Inc. - fTalk.)  -- C:\Users\jeremy\AppData\Local\fTalk\ftalk.exe   =>Adware.Bandoo
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\QuickLaunch: Mozilla Firefox 4.0 Beta 11.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\firefox.exe 
O4 - GS\QuickLaunch: PhotoScape.lnk . (...)  -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch: Picasa 3.lnk . (.Google Inc. - Picasa.)  -- C:\Program Files (x86)\Google\Picasa3\Picasa3.exe 
O4 - GS\QuickLaunch: Samsung Kies.lnk . (.Samsung - Kies.)  -- C:\Program Files (x86)\Samsung\Kies\Kies.exe 
O4 - GS\QuickLaunch: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.)  -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe 
O4 - GS\QuickLaunch: WildTangent Games App - hp.lnk . (.WildTangent - WildTangent Games App.)  -- C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe 
O4 - GS\QuickLaunch: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.)  -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe 
O4 - GS\SendTo: AVS Mobile Uploader.lnk . (.Online Media Technologies Ltd. - AVS Mobile Uploader.)  -- C:\Program Files (x86)\Common Files\AVSMedia\MobileUploader\AVSMobileUploader.exe 
O4 - GS\SendTo: AVS Video Burner.lnk . (.Online Media Technologies Ltd. - AVS Video Burner.)  -- C:\Program Files (x86)\Common Files\AVSMedia\BurnerService\AVSVideoBurner.exe 
O4 - GS\SendTo: AVS Video Uploader.lnk . (.Online Media Technologies Ltd. - AVS Video Uploader.)  -- C:\Program Files (x86)\Common Files\AVSMedia\VideoUploader\AVSVideoUploader.exe 
O4 - GS\SendTo: Dossier de téléchargement Share-to-Web .lnk . (...)  -- C:\Users\jeremy\AppData\Roaming\Dossier de téléchargement Share-to-Web  
O4 - GS\SendTo: Format Factory.lnk . (.Free Time - FormatFactory.)  -- C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe 
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.)  -- C:\Program Files (x86)\Skype\Phone\Skype.exe 
O4 - Global Startup: C:\Users\jeremy\Desktop\(1) Céline Hamzaoui Carlieer.URL . (...)  -- C:\Users\jeremy\Desktop\(1) Céline Hamzaoui Carlieer.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\(3) Quelq'un personne....URL . (...)  -- C:\Users\jeremy\Desktop\(3) Quelq'un personne....URL
O4 - Global Startup: C:\Users\jeremy\Desktop\22 avril 2013 0058.URL . (...)  -- C:\Users\jeremy\Desktop\22 avril 2013 0058.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\A Bittersweet Life.URL . (...)  -- C:\Users\jeremy\Desktop\A Bittersweet Life.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Aide informatique HF, Emploi informatique et internet Carpentras - 84200.URL . (...)  -- C:\Users\jeremy\Desktop\Aide informatique HF, Emploi informatique et internet Carpentras - 84200.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Annael Ymcmb.URL . (...)  -- C:\Users\jeremy\Desktop\Annael Ymcmb.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Arek Aro - YouTube.URL . (...)  -- C:\Users\jeremy\Desktop\Arek Aro - YouTube.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Armand Pena feat. Monique – Party Life (Pena Brothers Remix) Dutch House Music.URL . (...)  -- C:\Users\jeremy\Desktop\Armand Pena feat. Monique – Party Life (Pena Brothers Remix) Dutch House Music.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Association Profil Facebook.URL . (...)  -- C:\Users\jeremy\Desktop\Association Profil Facebook.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Battle of Gods le nouveau film sur Dragon Ball Z qui sortira en 2013.URL . (...)  -- C:\Users\jeremy\Desktop\Battle of Gods le nouveau film sur Dragon Ball Z qui sortira en 2013.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\BBox Sensation vs Freebox Révolution vs SFR Box Evolution vs La Box de Numéricable vs LiveBox Orange Tableaux comparatifs - .URL . (...)  -- C:\Users\jeremy\Desktop\BBox Sensation vs Freebox Révolution vs SFR Box Evolution vs La Box de Numéricable vs LiveBox Orange Tableaux comparatifs - .URL
O4 - Global Startup: C:\Users\jeremy\Desktop\biddy.URL . (...)  -- C:\Users\jeremy\Desktop\biddy.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Blogger  Master-Music-Club - Tous les posts.URL . (...)  -- C:\Users\jeremy\Desktop\Blogger  Master-Music-Club - Tous les posts.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Chat with Kinkykortney in a Live Adult Video Chat Room Now.URL . (...)  -- C:\Users\jeremy\Desktop\Chat with Kinkykortney in a Live Adult Video Chat Room Now.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Chat with Marasquirts in a Live Adult Video Chat Room Now.URL . (...)  -- C:\Users\jeremy\Desktop\Chat with Marasquirts in a Live Adult Video Chat Room Now.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\CineCinema Premier HD la chaîne CineCinema Premier HD sur la TV par ADSL, satellite et fibre optique.URL . (...)  -- C:\Users\jeremy\Desktop\CineCinema Premier HD la chaîne CineCinema Premier HD sur la TV par ADSL, satellite et fibre optique.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Clickr.URL . (...)  -- C:\Users\jeremy\Desktop\Clickr.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Comment brancher mon home cinema avec ma tv lg - Yahoo! QuestionsRéponses.URL . (...)  -- C:\Users\jeremy\Desktop\Comment brancher mon home cinema avec ma tv lg - Yahoo! QuestionsRéponses.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Comment savoir si j'ai une sortie SPDIF (optique jack) (Clubic.com).URL . (...)  -- C:\Users\jeremy\Desktop\Comment savoir si j'ai une sortie SPDIF (optique jack) (Clubic.com).URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Connecting GO and Skype GameXN.URL . (...)  -- C:\Users\jeremy\Desktop\Connecting GO and Skype GameXN.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Convertisseur MP3 Youtube - Video2MP3.URL . (...)  -- C:\Users\jeremy\Desktop\Convertisseur MP3 Youtube - Video2MP3.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\coqnue - Recherche Google.URL . (...)  -- C:\Users\jeremy\Desktop\coqnue - Recherche Google.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Creer-personnaliser.com - personnaliser un tee shirt homme ou imprimer un vêtement.URL . (...)  -- C:\Users\jeremy\Desktop\Creer-personnaliser.com - personnaliser un tee shirt homme ou imprimer un vêtement.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Dancefloor 2013 » Ultimate-Telechargementz.URL . (...)  -- C:\Users\jeremy\Desktop\Dancefloor 2013 » Ultimate-Telechargementz.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Debrideur Mixturevideo Purevid gratuit.URL . (...)  -- C:\Users\jeremy\Desktop\Debrideur Mixturevideo Purevid gratuit.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Dijay Vod-k.URL . (...)  -- C:\Users\jeremy\Desktop\Dijay Vod-k.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\DJ-Mix-Radio.URL . (...)  -- C:\Users\jeremy\Desktop\DJ-Mix-Radio.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\DoVisio simple visiochat.URL . (...)  -- C:\Users\jeremy\Desktop\DoVisio simple visiochat.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Download Skype 5.3.0.111 for Windows - OldVersion.com.URL . (...)  -- C:\Users\jeremy\Desktop\Download Skype 5.3.0.111 for Windows - OldVersion.com.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Dvdrip Uptobox - Telecharger Films Dvdrip sur Uptobox.URL . (...)  -- C:\Users\jeremy\Desktop\Dvdrip Uptobox - Telecharger Films Dvdrip sur Uptobox.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Electro Acapella Mp3 Download.URL . (...)  -- C:\Users\jeremy\Desktop\Electro Acapella Mp3 Download.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Espace Assistance.URL . (...)  -- C:\Users\jeremy\Desktop\Espace Assistance.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Espace Demandeurs d'emploi - site pole-emploi.fr.URL . (...)  -- C:\Users\jeremy\Desktop\Espace Demandeurs d'emploi - site pole-emploi.fr.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\F-Secure Health Check.url . (...)  -- C:\Users\jeremy\Desktop\F-Secure Health Check.url
O4 - Global Startup: C:\Users\jeremy\Desktop\Facebook.URL . (...)  -- C:\Users\jeremy\Desktop\Facebook.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Fiche de Cendriellax3.URL . (.Facebook Inc. - Setup.)  -- C:\Users\jeremy\Desktop\Fiche de Cendriellax3.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Fiche de x-atoidevoir-x.URL . (.Facebook Inc. - Setup.)  -- C:\Users\jeremy\Desktop\Fiche de x-atoidevoir-x.URL
O4 - GS\Desktop: Format Factory.lnk . (.Free Time - FormatFactory.)  -- C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe 
O4 - Global Startup: C:\Users\jeremy\Desktop\Francisca Piera Garcia.URL . (.Free Time - FormatFactory.)  -- C:\Users\jeremy\Desktop\Francisca Piera Garcia.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Fun Radio DJ At Work (2013) Rapidshare MediaFire Torrent.URL . (.Free Time - FormatFactory.)  -- C:\Users\jeremy\Desktop\Fun Radio DJ At Work (2013) Rapidshare MediaFire Torrent.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Fun Radio est désormais diffusée en Espagne!.URL . (.Free Time - FormatFactory.)  -- C:\Users\jeremy\Desktop\Fun Radio est désormais diffusée en Espagne!.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Fun Radio est maintenant diffusée en Espagne ! Télé Star.URL . (.Free Time - FormatFactory.)  -- C:\Users\jeremy\Desktop\Fun Radio est maintenant diffusée en Espagne ! Télé Star.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Fun Radio, escucha el sonido dancefloor en directo.URL . (.Free Time - FormatFactory.)  -- C:\Users\jeremy\Desktop\Fun Radio, escucha el sonido dancefloor en directo.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Fun rádio.URL . (.Free Time - FormatFactory.)  -- C:\Users\jeremy\Desktop\Fun rádio.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Google Traduction.URL . (...)  -- C:\Users\jeremy\Desktop\Google Traduction.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Gratis Download fTalk v3 aplikasi khusus Chating Facebook..URL . (...)  -- C:\Users\jeremy\Desktop\Gratis Download fTalk v3 aplikasi khusus Chating Facebook..URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Greasespot.URL . (...)  -- C:\Users\jeremy\Desktop\Greasespot.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\ileProtect - Protegez vos liens Rapidshare Uptobox.URL . (...)  -- C:\Users\jeremy\Desktop\ileProtect - Protegez vos liens Rapidshare Uptobox.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Inscrivez-vous gratuitement sur Oopad!.URL . (...)  -- C:\Users\jeremy\Desktop\Inscrivez-vous gratuitement sur Oopad!.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\J'ai desactiver Windows update (résolu) - Forums Micro Hebdo.URL . (...)  -- C:\Users\jeremy\Desktop\J'ai desactiver Windows update (résolu) - Forums Micro Hebdo.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\j'aime me doigter - Recherche Google.URL . (...)  -- C:\Users\jeremy\Desktop\j'aime me doigter - Recherche Google.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\jeremy torronteras (jeremytorronter) sur Twitter.URL . (...)  -- C:\Users\jeremy\Desktop\jeremy torronteras (jeremytorronter) sur Twitter.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\JONGUESS Blogueur influent Wikipédia supprime la fiche de Nabilla !.URL . (...)  -- C:\Users\jeremy\Desktop\JONGUESS Blogueur influent Wikipédia supprime la fiche de Nabilla !.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Jose De Rico - Sientelo vidéo musicale sur MUZU.TV.URL . (...)  -- C:\Users\jeremy\Desktop\Jose De Rico - Sientelo vidéo musicale sur MUZU.TV.URL
O4 - GS\Desktop: Jouer (GameXN).lnk . (.GameXN AS - Game Organizer.)  -- C:\ProgramData\GameXN\GameXNGO.exe 
O4 - Global Startup: C:\Users\jeremy\Desktop\Julie Toupet.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\Julie Toupet.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Justine Barghout (Variétés) - ZicMeUp.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\Justine Barghout (Variétés) - ZicMeUp.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Justine L'Samra Musique gratuite, dates de tournées, photos, vidéos.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\Justine L'Samra Musique gratuite, dates de tournées, photos, vidéos.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\krewela - alive - Recherche Google.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\krewela - alive - Recherche Google.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\L'accès à la configuration de votre box (Numericable) Panoptinet.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\L'accès à la configuration de votre box (Numericable) Panoptinet.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\la vieille est vraiment OUF MDR aimez et partagez !.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\la vieille est vraiment OUF MDR aimez et partagez !.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Laura Gft.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\Laura Gft.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Le Miel et les Abeilles - Page 22.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\Le Miel et les Abeilles - Page 22.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Lepetitjournal.com - COMMUNAUTE - Fun Radio débarque en Espagne ! Et devient Loca Fun Radio.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\Lepetitjournal.com - COMMUNAUTE - Fun Radio débarque en Espagne ! Et devient Loca Fun Radio.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Les Années fac en streaming - DpStream.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\Les Années fac en streaming - DpStream.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Les mises à jour - LaBox.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\Les mises à jour - LaBox.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Levito vs Garmiani - Now That We Found ID (Levito Bootleg) - YouTube.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\Levito vs Garmiani - Now That We Found ID (Levito Bootleg) - YouTube.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\LG 47LM615S Support Trouvez des manuels & Information de garantie LG France.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\LG 47LM615S Support Trouvez des manuels & Information de garantie LG France.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Listes des séries (2409) - Planet Series - Séries rapidshare, multiupload, séries streaming, télécharger gratuitement vos sé.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\Listes des séries (2409) - Planet Series - Séries rapidshare, multiupload, séries streaming, télécharger gratuitement vos sé.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\lumidee-vs--fatman-scoop---dance-2013--original-mix - Recherche Google.URL . (...)  -- C:\Users\jeremy\Desktop\lumidee-vs--fatman-scoop---dance-2013--original-mix - Recherche Google.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Lupe Fuentes and THE EX GIRLFRIENDS- Whatchya Lookin At- - YouTube.url . (...)  -- C:\Users\jeremy\Desktop\Lupe Fuentes and THE EX GIRLFRIENDS- Whatchya Lookin At- - YouTube.url
O4 - Global Startup: C:\Users\jeremy\Desktop\mange des tomates mon amour - Recherche Google.URL . (...)  -- C:\Users\jeremy\Desktop\mange des tomates mon amour - Recherche Google.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Manon Galera (Manon) sur Myspace.URL . (...)  -- C:\Users\jeremy\Desktop\Manon Galera (Manon) sur Myspace.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Manzai's Blog.URL . (...)  -- C:\Users\jeremy\Desktop\Manzai's Blog.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Meliss Jecpa.URL . (...)  -- C:\Users\jeremy\Desktop\Meliss Jecpa.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Messenger - Microsoft Windows.URL . (...)  -- C:\Users\jeremy\Desktop\Messenger - Microsoft Windows.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Met un ? si qlq....URL . (...)  -- C:\Users\jeremy\Desktop\Met un ? si qlq....URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Microsoft Update.URL . (...)  -- C:\Users\jeremy\Desktop\Microsoft Update.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Nos animateur Radio Mix Floor.URL . (...)  -- C:\Users\jeremy\Desktop\Nos animateur Radio Mix Floor.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Numericable TV liste des chaines TV et bouquets diffusés par Numericable.URL . (...)  -- C:\Users\jeremy\Desktop\Numericable TV liste des chaines TV et bouquets diffusés par Numericable.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Numericable va ajouter plus d’une dizaine de chaînes en Haute Définition ! HD-Motion.URL . (...)  -- C:\Users\jeremy\Desktop\Numericable va ajouter plus d’une dizaine de chaînes en Haute Définition ! HD-Motion.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Obenez votre Xbox gratuit live maintenant!.URL . (...)  -- C:\Users\jeremy\Desktop\Obenez votre Xbox gratuit live maintenant!.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\oppo finder - Recherche Google.URL . (...)  -- C:\Users\jeremy\Desktop\oppo finder - Recherche Google.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Patch Anti mise à jour pour WLM 2009 14.0.8089.726 (QFE2).URL . (...)  -- C:\Users\jeremy\Desktop\Patch Anti mise à jour pour WLM 2009 14.0.8089.726 (QFE2).URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Petites Annonces Gratuites Provence-Alpes-Côte d'Azur. VivaStreet le N°1 de l'Annonce Gratuite Provence-Alpes-Côte d'Azur.URL . (...)  -- C:\Users\jeremy\Desktop\Petites Annonces Gratuites Provence-Alpes-Côte d'Azur. VivaStreet le N°1 de l'Annonce Gratuite Provence-Alpes-Côte d'Azur.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Photos du journal.URL . (...)  -- C:\Users\jeremy\Desktop\Photos du journal.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Problème Windows update.URL . (...)  -- C:\Users\jeremy\Desktop\Problème Windows update.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Profil - juliette535 - Club Doctissimo.URL . (...)  -- C:\Users\jeremy\Desktop\Profil - juliette535 - Club Doctissimo.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Profil - Lucie-83 - Club Doctissimo.URL . (...)  -- C:\Users\jeremy\Desktop\Profil - Lucie-83 - Club Doctissimo.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\QueDeLaZic.URL . (...)  -- C:\Users\jeremy\Desktop\QueDeLaZic.URL
O4 - GS\Desktop: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.)  -- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe 
O4 - Global Startup: C:\Users\jeremy\Desktop\Romane Noel.URL . (.VS Revo Group - Revo Uninstaller.)  -- C:\Users\jeremy\Desktop\Romane Noel.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Résultats des examens.URL . (.VS Revo Group - Revo Uninstaller.)  -- C:\Users\jeremy\Desktop\Résultats des examens.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Résultats Google Recherche d'images correspondant à httpwww.seeklogo.comimagesMMusicMonster_FM-logo-B7D623A2E3-seeklogo.com..URL . (.VS Revo Group - Revo Uninstaller.)  -- C:\Users\jeremy\Desktop\Résultats Google Recherche d'images correspondant à httpwww.seeklogo.comimagesMMusicMonster_FM-logo-B7D623A2E3-seeklogo.com..URL
O4 - Global Startup: C:\Users\jeremy\Desktop\SANDRATRYRADIO (99_illana) sur Twitter.URL . (.VS Revo Group - Revo Uninstaller.)  -- C:\Users\jeremy\Desktop\SANDRATRYRADIO (99_illana) sur Twitter.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Scooter - 4 AM (Official Video) - YouTube.URL . (...)  -- C:\Users\jeremy\Desktop\Scooter - 4 AM (Official Video) - YouTube.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Spotify Web Player.URL . (...)  -- C:\Users\jeremy\Desktop\Spotify Web Player.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Stream Live Video on Twitter from twitcam- powered by Livestream.URL . (...)  -- C:\Users\jeremy\Desktop\Stream Live Video on Twitter from twitcam- powered by Livestream.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Subway Surf for PC.URL . (...)  -- C:\Users\jeremy\Desktop\Subway Surf for PC.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Subway Surfers Free Game www.FlashGamesPlayer.com.URL . (...)  -- C:\Users\jeremy\Desktop\Subway Surfers Free Game www.FlashGamesPlayer.com.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Telecharger Les 40 Tubes Les Plus Joues En Club – Janvier 2013 MP3 GRATUIT.URL . (...)  -- C:\Users\jeremy\Desktop\Telecharger Les 40 Tubes Les Plus Joues En Club – Janvier 2013 MP3 GRATUIT.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\TF1 répond à Rémi Gaillard après avoir été piégé par l'humoriste.URL . (...)  -- C:\Users\jeremy\Desktop\TF1 répond à Rémi Gaillard après avoir été piégé par l'humoriste.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\toslink - Recherche Google.URL . (...)  -- C:\Users\jeremy\Desktop\toslink - Recherche Google.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Trend Micro Titanium Antivirus+ 2013 - Les tests - InfoMars.fr.URL . (...)  -- C:\Users\jeremy\Desktop\Trend Micro Titanium Antivirus+ 2013 - Les tests - InfoMars.fr.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\TRY RADIO - YouTube.URL . (...)  -- C:\Users\jeremy\Desktop\TRY RADIO - YouTube.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Try Radio -.URL . (...)  -- C:\Users\jeremy\Desktop\Try Radio -.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\TRYRADIO NIMES - A suivre Inconnu - Inconnu.URL . (...)  -- C:\Users\jeremy\Desktop\TRYRADIO NIMES - A suivre Inconnu - Inconnu.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\TRYRADIO NIMES - This stream is not broadcasting.URL . (...)  -- C:\Users\jeremy\Desktop\TRYRADIO NIMES - This stream is not broadcasting.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\tryradio nimes on USTREAM tryradio le son dancefloor. Radio.URL . (...)  -- C:\Users\jeremy\Desktop\tryradio nimes on USTREAM tryradio le son dancefloor. Radio.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\TV Underground.URL . (...)  -- C:\Users\jeremy\Desktop\TV Underground.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Twitter Recherche - #TRYRADIO.URL . (...)  -- C:\Users\jeremy\Desktop\Twitter Recherche - #TRYRADIO.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Twitter Recherche - tryradio.URL . (...)  -- C:\Users\jeremy\Desktop\Twitter Recherche - tryradio.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Téléchargements - Outils de Xplode - WinUpdateFix.URL . (...)  -- C:\Users\jeremy\Desktop\Téléchargements - Outils de Xplode - WinUpdateFix.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Télécharger 34020101.rar - BitShare.com - Free File Hosting and Cloud Storage.URL . (...)  -- C:\Users\jeremy\Desktop\Télécharger 34020101.rar - BitShare.com - Free File Hosting and Cloud Storage.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Télécharger Les Profs - Films en DVDRip.URL . (...)  -- C:\Users\jeremy\Desktop\Télécharger Les Profs - Films en DVDRip.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Télécharger Mise à jour de sécurité pour Microsoft .NET Framework 4 depuis le Centre de téléchargement officiel Microsoft.URL . (...)  -- C:\Users\jeremy\Desktop\Télécharger Mise à jour de sécurité pour Microsoft .NET Framework 4 depuis le Centre de téléchargement officiel Microsoft.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Télécharger Outil d’analyse de l’installation conforme des mises à jour du système pour Windows 7 pour ordinateurs à process.URL . (...)  -- C:\Users\jeremy\Desktop\Télécharger Outil d’analyse de l’installation conforme des mises à jour du système pour Windows 7 pour ordinateurs à process.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Télécharger TOP 30 ELECTRO DIRTY (2013).URL . (...)  -- C:\Users\jeremy\Desktop\Télécharger TOP 30 ELECTRO DIRTY (2013).URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Une mise à jour des positions sexuelles.URL . (...)  -- C:\Users\jeremy\Desktop\Une mise à jour des positions sexuelles.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Untitled.URL . (...)  -- C:\Users\jeremy\Desktop\Untitled.URL
O4 - GS\Desktop: Update Checker.lnk . (.FileHippo.com - FileHippo.com Update Checker.)  -- C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe 
O4 - Global Startup: C:\Users\jeremy\Desktop\VA – Blanco Y Negro DJ Series Vol.01-2CD-2013-EiTheLMP3 » Mediafire.vc.URL . (.FileHippo.com - FileHippo.com Update Checker.)  -- C:\Users\jeremy\Desktop\VA – Blanco Y Negro DJ Series Vol.01-2CD-2013-EiTheLMP3 » Mediafire.vc.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Vandal - Ragga Hardtek Mix 2011 - YouTube.URL . (.FileHippo.com - FileHippo.com Update Checker.)  -- C:\Users\jeremy\Desktop\Vandal - Ragga Hardtek Mix 2011 - YouTube.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Voyage en Corse 'Récit Hétéro - Récits érotiques - FORUM sexualité.URL . (.FileHippo.com - FileHippo.com Update Checker.)  -- C:\Users\jeremy\Desktop\Voyage en Corse 'Récit Hétéro - Récits érotiques - FORUM sexualité.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Watch Dj jayjay Mix electro 2011 torronteras Episodes Videos Blip.URL . (.FileHippo.com - FileHippo.com Update Checker.)  -- C:\Users\jeremy\Desktop\Watch Dj jayjay Mix electro 2011 torronteras Episodes Videos Blip.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Wildlife Conservation Society Win an iPad.URL . (...)  -- C:\Users\jeremy\Desktop\Wildlife Conservation Society Win an iPad.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Windows Live Messenger 9 BETA Finale.URL . (...)  -- C:\Users\jeremy\Desktop\Windows Live Messenger 9 BETA Finale.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\[Tutoriel] Configurer Free Mobile sur votre Nokia en 1 minute ! (Symbian, MeeGo, Windows Phone, Maemo) NokiaPhones.fr.URL . (.Nicolas Coolman - ZHPDiag.)  -- C:\Users\jeremy\Desktop\[Tutoriel] Configurer Free Mobile sur votre Nokia en 1 minute ! (Symbian, MeeGo, Windows Phone, Maemo) NokiaPhones.fr.URL
O4 - GS\TaskBar: HPAdvisor.lnk . (.Hewlett-Packard - HP Advisor.)  -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe 
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.)  -- C:\Windows\explorer.exe 
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.)  -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe 
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.)  -- C:\Windows\system32\eudcedit.exe 
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft  Windows Fax and Scan.)  -- C:\Windows\system32\WFS.exe 
O4 - Global Startup: C:\Users\Autorisation\Desktop\Blacklight Retribution - FPS Free to Play.URL . (...)  -- C:\Users\Autorisation\Desktop\Blacklight Retribution - FPS Free to Play.URL
O4 - GS\Desktop: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.)  -- C:\Program Files (x86)\Glary Utilities\Integrator.exe 
O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
O4 - GS\Desktop: HiJackThis.lnk . (.Trend Micro Inc. - HijackThis.)  -- C:\Users\Autorisation\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 
O4 - Global Startup: C:\Users\Autorisation\Desktop\JEU SUPER MARIO BROS DELUXE Gratuit sur JEU .info.URL . (...)  -- C:\Users\Autorisation\Desktop\JEU SUPER MARIO BROS DELUXE Gratuit sur JEU .info.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\LaBox Numericable comment bien choisir son canal Wi-Fi Panoptinet.URL . (...)  -- C:\Users\Autorisation\Desktop\LaBox Numericable comment bien choisir son canal Wi-Fi Panoptinet.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\Magic Desktop - Laissez votre ordinateur jouer les nounous !.URL . (...)  -- C:\Users\Autorisation\Desktop\Magic Desktop - Laissez votre ordinateur jouer les nounous !.URL
O4 - GS\Desktop: Magic Desktop.lnk . (.EasyBits Software AS - EasyBits Security Shield.)  -- C:\Program Files (x86)\EasyBits For Kids\ezSecShield.exe 
O4 - Global Startup: C:\Users\Autorisation\Desktop\Media center et partage de contenus du serveur multimédia - LaBox.URL . (.EasyBits Software AS - EasyBits Magic Desktop Setup.)  -- C:\Users\Autorisation\Desktop\Media center et partage de contenus du serveur multimédia - LaBox.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\Nokia Lumia 610 Téléchargements - Nokia - France.URL . (.EasyBits Software AS - EasyBits Magic Desktop Setup.)  -- C:\Users\Autorisation\Desktop\Nokia Lumia 610 Téléchargements - Nokia - France.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\Nostalgie Tv - Chaine télé de divertissement.URL . (...)  -- C:\Users\Autorisation\Desktop\Nostalgie Tv - Chaine télé de divertissement.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\Page de démarrage de Mozilla Firefox.URL . (...)  -- C:\Users\Autorisation\Desktop\Page de démarrage de Mozilla Firefox.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\Paramétrage.URL . (...)  -- C:\Users\Autorisation\Desktop\Paramétrage.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\PARE FEU WINDOWS DESACTIVE A CHAQUE DEMARRAGE - Forums Zebulon.fr.URL . (...)  -- C:\Users\Autorisation\Desktop\PARE FEU WINDOWS DESACTIVE A CHAQUE DEMARRAGE - Forums Zebulon.fr.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\Photos chat Gouttière, photos de chats de race Gouttière - Wamiz.URL . (...)  -- C:\Users\Autorisation\Desktop\Photos chat Gouttière, photos de chats de race Gouttière - Wamiz.URL
O4 - GS\Desktop: PhotoScape.lnk . (...)  -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - Global Startup: C:\Users\Autorisation\Desktop\Races de chats classées par noms - Wamiz.URL . (...)  -- C:\Users\Autorisation\Desktop\Races de chats classées par noms - Wamiz.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\restaurant le forum - MENU.url . (...)  -- C:\Users\Autorisation\Desktop\restaurant le forum - MENU.url
O4 - Global Startup: C:\Users\Autorisation\Desktop\theHunter.URL . (...)  -- C:\Users\Autorisation\Desktop\theHunter.URL
O4 - GS\Desktop: Trend Micro Titanium.lnk . (...)  -- C:\Program Files (x86)\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (.not file.)
O4 - Global Startup: C:\Users\Autorisation\Desktop\Une mise à jour mineure pour FireFox la version 19.0.2 - Presse Electronique - lelectronique.com - Lu dans la Presse.URL . (...)  -- C:\Users\Autorisation\Desktop\Une mise à jour mineure pour FireFox la version 19.0.2 - Presse Electronique - lelectronique.com - Lu dans la Presse.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\Une mise à jour mineure pour FireFox la version 19.0.2 Bhmag.URL . (...)  -- C:\Users\Autorisation\Desktop\Une mise à jour mineure pour FireFox la version 19.0.2 Bhmag.URL
O4 - GS\Desktop: Virtual DJ Home.lnk . (.Atomix Productions - VirtualDJ.)  -- C:\Program Files (x86)\VirtualDJ\virtualdj_home.exe 
O4 - Global Startup: C:\Users\Autorisation\Desktop\Virus 100 euro d'amende solution - YouTube.URL . (.Atomix Productions - VirtualDJ.)  -- C:\Users\Autorisation\Desktop\Virus 100 euro d'amende solution - YouTube.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\Widestream 6.URL . (.Atomix Productions - VirtualDJ.)  -- C:\Users\Autorisation\Desktop\Widestream 6.URL  =>Adware.SPointer
~ Global Startup:  Scanned in 00mn 13s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MIF5BA~1\Office14\ONBttnIE.dll
O9 - Extra button: &KeyScrambler Options [64Bits] - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} -- Clé orpheline
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MIF5BA~1\Office14\ONBTTN~1.dll
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A76E9CDF-7D92-49D0-A740-4487B3F4A1C4}: NameServer = 212.73.209.226,86.64.145.143
O17 - HKLM\System\CCS\Services\Tcpip\..\{A76E9CDF-7D92-49D0-A740-4487B3F4A1C4}: DhcpNameServer = 8.26.56.26 8.20.247.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{A76E9CDF-7D92-49D0-A740-4487B3F4A1C4}: NameServer = 212.73.209.226,86.64.145.143
O17 - HKLM\System\CS1\Services\Tcpip\..\{A76E9CDF-7D92-49D0-A740-4487B3F4A1C4}: DhcpNameServer = 8.26.56.26 8.20.247.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{A76E9CDF-7D92-49D0-A740-4487B3F4A1C4}: NameServer = 212.73.209.226,86.64.145.143
O17 - HKLM\System\CS2\Services\Tcpip\..\{A76E9CDF-7D92-49D0-A740-4487B3F4A1C4}: DhcpNameServer = 8.26.56.26 8.20.247.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.26.56.26 8.20.247.20
~ Domain:  Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) -- 
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: WB . (...) -- C:\Program Files (x86)\Stardock\OBJECT~1\WINDOW~1\fast64.dll (.not file.)
~ Winlogon:  Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Threatdiction Web Filtring (Threatdiction Web Filtring) . (...) - C:\Program Files (x86)\Threatdiction\Threatdiction.exe (.not file.)
~ Services: 8 Legitimates Filtered in 00mn 06s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{28D8D3F5-D02B-445C-9764-AA9472DC4B3F}] (...) -- C:\Users\jeremy\Desktop\ChevronWP7.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{38B9E8C5-3006-490F-BE27-A4CB3CC261BC}] (...) -- C:\Users\jeremy\Desktop\sunbelt-personal-firewall-ex-kerio_sunbelt_personal_firewall_ex_kerio_4.6.1861_francais_11071.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{6C93A53A-19BA-41B0-AB7D-743057B4AE73}] (...) -- C:\Users\jeremy\Desktop\sp54620.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{CE1310FC-C367-430B-A4A0-57B09D40FCC5}] (...) -- C:\Users\jeremy\Desktop\sp52110.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{D50811A6-405D-4AB2-9FED-DFE5A270AA26}] (...) -- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par d‚faut\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\Setup.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{E747CB64-18F0-46A0-ABD8-C1FF08AE0AFA}] (...) -- C:\Users\jeremy\Desktop\sp45602.exe (.not file.)   [0]
~ Scheduled Task: 37 Legitimates Filtered in 00mn 07s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: ctredr15.sys (ctredr15.sys) . (. - .) - C:\Windows\system32\drivers\ctredr15.sys (.not file.)
~ Drivers: 75 Legitimates Filtered in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {497BCFDD-F589-448D-A1C3-78D1B1809CCC}  =>Adware.Boxore
O42 - Logiciel: BrowseToSave - (...) [HKLM][64Bits] -- {161EE7C5-2C54-4BE7-A90C-6476CDFDC533}  =>Adware.Browse2Save
O42 - Logiciel: CityVilleBot - (.CityVilleBot.) [HKLM][64Bits] -- {AC7EDC76-DE45-4BC3-BC4F-3273F0836464}_is1
O42 - Logiciel: CocoLogo 3D Screensaver - (...) [HKLM][64Bits] -- CocoLogo3D_is1
O42 - Logiciel: Desinstalar COMECOCOS LOCO - (...) [HKLM][64Bits] -- Desinstalar COMECOCOS LOCO
O42 - Logiciel: FixMessenger - (...) [HKLM][64Bits] -- FixMessenger
O42 - Logiciel: Free Music Zilla - (.FreeMusicZilla.com.) [HKLM][64Bits] -- Free Music Zilla_is1
O42 - Logiciel: General Module - (.PixArt Imaging Inc..) [HKLM][64Bits] -- {F80DDFFD-D030-4CCC-AF03-BD8EEE5E20ED}
O42 - Logiciel: GoforFiles - (.http://www.goforfiles.com/.) [HKCU][64Bits] -- GoforFiles  =>P2P.GoforFiles
O42 - Logiciel: IE AdBlock - (.CatenaLogic.) [HKLM][64Bits] -- IE AdBlock_is1
O42 - Logiciel: NudgeMania 4.1 for Messenger - (.Sherv.NET.) [HKLM][64Bits] -- NudgeMania 4.1 for Messenger
O42 - Logiciel: Orb - (.Orb Networks.) [HKLM][64Bits] -- Orb
O42 - Logiciel: Orb Mini Controller - (.Orb Networks.) [HKLM][64Bits] -- Orb Mini Controller
O42 - Logiciel: Orb Runtime libraries - (.Orb Networks, Inc..) [HKLM][64Bits] -- {2133CB3F-F891-4081-8681-FEE2B2419FF4}
O42 - Logiciel: OtsTurntables Free 1.00.027 - (...) [HKLM][64Bits] -- OtsTurntables Free
O42 - Logiciel: PAP7501 - (.Nom de votre société.) [HKLM][64Bits] -- {C6A0FD8A-F107-44CA-AA1B-49341936F76A}
O42 - Logiciel: Tactile12000 2.1 - (...) [HKLM][64Bits] -- Tactile12000 2.1
~ Logic: 313 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ahusoft]
[HKCU\Software\AppDataLow\Software\vmnantiphishing_ad]
[HKCU\Software\Audiggle LTD]
[HKCU\Software\BlaCk.HaCk]
[HKCU\Software\DefRow]
[HKCU\Software\Dolwin Emulator]
[HKCU\Software\Download Service Utility]
[HKCU\Software\FLXP]
[HKCU\Software\GeneralDownloader]
[HKCU\Software\Kiloo Games]
[HKCU\Software\KoroSoft]
[HKCU\Software\Matt Holwood]
[HKCU\Software\Mudlord]
[HKCU\Software\N3WT0N]
[HKCU\Software\NSWB]
[HKCU\Software\NSeries]
[HKCU\Software\NudgeMania]
[HKCU\Software\Pogo]
[HKCU\Software\Positech]
[HKCU\Software\RICEVIDEO]
[HKCU\Software\Sesam.tv]
[HKCU\Software\Sherv.NET]
[HKCU\Software\SurfRight]
[HKCU\Software\Switlle]
[HKCU\Software\ViC.MeDox]
[HKCU\Software\ViewOnTV]
[HKCU\Software\amly-dz@hotmail.com]
[HKCU\Software\mhk2]
[HKLM\Software\CrazyLoader]
[HKLM\Software\SurfRight]
[HKLM\Software\Wow6432Node\Agnitum]
[HKLM\Software\Wow6432Node\Free Music Zilla]
[HKLM\Software\Wow6432Node\GameEx]
[HKLM\Software\Wow6432Node\GoforFiles]  =>P2P.GoforFiles
[HKLM\Software\Wow6432Node\Matt Holwood]
[HKLM\Software\Wow6432Node\MeuhMeuhTV]
[HKLM\Software\Wow6432Node\Ots Corporation]
[HKLM\Software\Wow6432Node\PCTools]
[HKLM\Software\Wow6432Node\Sesam.tv]
[HKLM\Software\Wow6432Node\atomixmp3]
~ Key Software: 521 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/11/2010 - 02:07:03 - [0,005] ----D C:\Program Files (x86)\Abrosoft
O43 - CFD: 08/01/2012 - 14:59:14 - [0,080] ----D C:\Program Files (x86)\AF Uninstalls
O43 - CFD: 25/03/2013 - 01:30:21 - [0,152] ----D C:\Program Files (x86)\ANC
O43 - CFD: 30/09/2011 - 01:57:52 - [97,561] ----D C:\Program Files (x86)\CityVilleBot
O43 - CFD: 05/03/2011 - 17:30:56 - [0,000] ----D C:\Program Files (x86)\DMV
O43 - CFD: 31/03/2011 - 20:07:59 - [0,023] ----D C:\Program Files (x86)\Dusco
O43 - CFD: 17/02/2011 - 16:47:28 - [0,096] ----D C:\Program Files (x86)\FixMessenger
O43 - CFD: 05/08/2012 - 20:09:57 - [2,537] ----D C:\Program Files (x86)\Free Easy CD DVD Burner
O43 - CFD: 09/10/2010 - 14:42:45 - [2,935] ----D C:\Program Files (x86)\Free Music Zilla
O43 - CFD: 27/10/2012 - 21:04:07 - [8,088] ----D C:\Program Files (x86)\GoforFiles  =>P2P.GoforFiles
O43 - CFD: 29/05/2011 - 01:19:17 - [3,404] ----D C:\Program Files (x86)\IE AdBlock
O43 - CFD: 30/10/2010 - 16:08:38 - [0,664] ----D C:\Program Files (x86)\JMBerthier
O43 - CFD: 30/12/2012 - 03:11:06 - [5,761] ----D C:\Program Files (x86)\MarkSpace
O43 - CFD: 11/10/2011 - 03:52:15 - [0,064] ----D C:\Program Files (x86)\MaxTV
O43 - CFD: 21/09/2010 - 02:07:50 - [0,000] ----D C:\Program Files (x86)\MobeeSoft
O43 - CFD: 30/05/2012 - 18:21:24 - [8,401] ----D C:\Program Files (x86)\MSNRecorderMax
O43 - CFD: 15/07/2012 - 13:00:38 - [1,897] ----D C:\Program Files (x86)\Odebit Multimédia
O43 - CFD: 19/11/2012 - 21:32:59 - [105,404] ----D C:\Program Files (x86)\OperationMania
O43 - CFD: 06/09/2010 - 02:11:02 - [2,685] ----D C:\Program Files (x86)\Pacman
O43 - CFD: 14/08/2010 - 17:01:42 - [0,000] ----D C:\Program Files (x86)\SniffPass
O43 - CFD: 28/11/2012 - 21:13:04 - [0] ----D C:\Program Files (x86)\STOPzilla!
O43 - CFD: 27/03/2011 - 19:56:12 - [0] ----D C:\Program Files (x86)\Switlle
O43 - CFD: 29/11/2012 - 22:06:09 - [3,499] ----D C:\Program Files (x86)\Tactile Pictures
O43 - CFD: 24/11/2012 - 20:38:27 - [11,057] ----D C:\Program Files (x86)\Webgameplay setup
O43 - CFD: 28/08/2012 - 15:12:33 - [169,864] ----D C:\Program Files (x86)\YoudaFarmer3Seasons
O43 - CFD: 14/02/2013 - 22:10:31 - [1021,162] ----D C:\Program Files (x86)\ZooEmpire
O43 - CFD: 25/03/2013 - 01:30:32 - [15,101] ----D C:\Program Files (x86)\Common Files\PAC7302
O43 - CFD: 02/11/2011 - 22:24:32 - [17,572] ----D C:\Program Files (x86)\Common Files\PAP7501
O43 - CFD: 03/04/2013 - 21:19:47 - [0,078] ----D C:\ProgramData\BerOwsae22savaee
O43 - CFD: 19/11/2012 - 21:34:47 - [0] ----D C:\ProgramData\Dr Maboul - Une opération de malade  !
O43 - CFD: 30/05/2012 - 18:21:26 - [0,000] ----D C:\ProgramData\MSNRecorderMax
O43 - CFD: 28/08/2012 - 16:32:07 - [0,002] ----D C:\ProgramData\Phenomedia
O43 - CFD: 03/04/2012 - 21:08:49 - [0,003] ----D C:\ProgramData\SurfRight
O43 - CFD: 27/02/2011 - 03:18:44 - [2,952] ----D C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}
O43 - CFD: 23/12/2012 - 18:08:41 - [0,218] ----D C:\Users\jeremy\AppData\Roaming\atunes
O43 - CFD: 08/10/2010 - 14:51:12 - [0,001] ----D C:\Users\jeremy\AppData\Roaming\FMZilla
O43 - CFD: 11/11/2012 - 22:51:06 - [0,087] ----D C:\Users\jeremy\AppData\Roaming\General Downloader
O43 - CFD: 26/10/2012 - 20:25:35 - [0,005] ----D C:\Users\jeremy\AppData\Roaming\GoforFiles  =>P2P.GoforFiles
O43 - CFD: 30/12/2012 - 03:07:22 - [0,003] ----D C:\Users\jeremy\AppData\Roaming\MarkSpace
O43 - CFD: 27/08/2012 - 18:26:41 - [0,002] ----D C:\Users\jeremy\AppData\Roaming\MB4
O43 - CFD: 19/11/2012 - 21:32:39 - [0,034] ----D C:\Users\jeremy\AppData\Roaming\mr-java-installer
O43 - CFD: 30/05/2012 - 18:21:26 - [0,000] ----D C:\Users\jeremy\AppData\Roaming\MSNRecorderMax
O43 - CFD: 23/01/2012 - 03:00:08 - [0,253] ----D C:\Users\jeremy\AppData\Roaming\nswb
O43 - CFD: 21/01/2013 - 23:47:25 - [0,000] ----D C:\Users\jeremy\AppData\Roaming\PCToolsFirewallPlus
O43 - CFD: 17/12/2012 - 19:32:52 - [0,005] ----D C:\Users\jeremy\AppData\Roaming\SmartPCTools
O43 - CFD: 13/09/2010 - 04:10:32 - [0,000] ----D C:\Users\jeremy\AppData\Roaming\updatetool
O43 - CFD: 19/11/2012 - 21:32:54 - [0,001] ----D C:\Users\jeremy\AppData\Roaming\Ustream Producer
O43 - CFD: 05/06/2011 - 21:48:12 - [0,025] ----D C:\Users\jeremy\AppData\Local\Ares
O43 - CFD: 21/12/2011 - 17:05:31 - [0,000] ----D C:\Users\jeremy\AppData\Local\Audiggle_LTD
O43 - CFD: 19/11/2012 - 21:32:50 - [0,002] ----D C:\Users\jeremy\AppData\Local\ChatFlowBasic
O43 - CFD: 04/02/2013 - 02:40:52 - [0,000] ----D C:\Users\jeremy\AppData\Local\FarmvilleMagicTools
O43 - CFD: 23/10/2010 - 04:19:00 - [0] ----D C:\Users\jeremy\AppData\Local\MediaSmart DVD
O43 - CFD: 23/01/2012 - 03:00:13 - [0,111] ----D C:\Users\jeremy\AppData\Local\NudgeMania
O43 - CFD: 05/03/2011 - 16:34:29 - [0,009] ----D C:\Users\jeremy\AppData\Local\Super Internet TV
O43 - CFD: 30/03/2013 - 15:00:45 - [0,001] ----D C:\Users\jeremy\AppData\Local\Symbian-Toys.com
~ 169 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 702 Legitimates Filtered in 03mn 40s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7A97DD3CA3290F59D514395C2B73F537] - 29/04/2013 - 20:37:46 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0   [18736]
O44 - LFC:[MD5.7A97DD3CA3290F59D514395C2B73F537] - 29/04/2013 - 20:37:46 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0   [18736]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 25/04/2013 - 03:32:43 ---A- . (...) -- C:\cookies.sqlite   [0]
O44 - LFC:[MD5.98FB2850E58E26C8F1DFF3A10F031991] - 23/04/2013 - 19:34:54 ---A- . (...) -- C:\Windows\RegBootClean64.exe   [234544]
O44 - LFC:[MD5.C145537BE5713B3EEF9799B15F68136C] - 23/04/2013 - 19:34:50 ---A- . (...) -- C:\Windows\DCEBoot64.exe   [22064]
O44 - LFC:[MD5.B7D06E31669B76A56709F834CA3F399E] - 19/04/2013 - 23:01:19 ---A- . (...) -- C:\version.dll_log.txt   [129498]
~ Files: 26 Legitimates Filtered in 02mn 07s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.070BFF5C9784E7E43C35842385F9B068] - 28/04/2013 - 22:07:31 ---A- - C:\Windows\Prefetch\ZUNEWLANCFGSVC.EXE-20A5D1F0.pf
O45 - LFCP:[MD5.1B73A58462247FA2F68C542F85FB4D7C] - 28/04/2013 - 22:10:34 ---A- - C:\Windows\Prefetch\ZUNEHOST.EXE-6CF736E8.pf
O45 - LFCP:[MD5.41269E2F96B3A53B88458D07FBD779FC] - 28/04/2013 - 22:34:46 ---A- - C:\Windows\Prefetch\GO-33-REFRESH.EXE-78D25FFE.pf
O45 - LFCP:[MD5.39AFB13C8495AA51A35DC4275C258ED0] - 28/04/2013 - 22:36:18 ---A- - C:\Windows\Prefetch\SKYPEPM.EXE-F9E72290.pf
O45 - LFCP:[MD5.7209A14C15414CA9FEC749376F98F420] - 28/04/2013 - 22:59:23 ---A- - C:\Windows\Prefetch\GOXN.EXE-985013CE.pf
O45 - LFCP:[MD5.6285ED791D60D67FDB21AA381EEBD623] - 28/04/2013 - 23:05:44 ---A- - C:\Windows\Prefetch\GAMEXNGO.EXE-5FD8496F.pf
O45 - LFCP:[MD5.D4FC96BBAACAC30103E2EAF2ED6306A0] - 28/04/2013 - 23:30:40 ---A- - C:\Windows\Prefetch\DEVICEFINGERPRINT.EXE-22F88599.pf
O45 - LFCP:[MD5.B53BD10E8E511F1E53C3F65CA5DA07BB] - 28/04/2013 - 23:50:57 ---A- - C:\Windows\Prefetch\CLUBSANDISK.EXE-0E058B9D.pf
O45 - LFCP:[MD5.118ED37C614EB082BA3EB4EA79F9EA77] - 28/04/2013 - 23:50:57 ---A- - C:\Windows\Prefetch\RUNCLUBSANDISK.EXE-1960E565.pf
O45 - LFCP:[MD5.57C81B22D5EFFF1C37FCCE46CF7FCAE1] - 28/04/2013 - 23:50:59 ---A- - C:\Windows\Prefetch\RUNSANDISKSECUREACCESS_WIN.EX-DD9B547D.pf
O45 - LFCP:[MD5.6D1E8E1DEB3B187B77CDBE1ECFB9FA6C] - 29/04/2013 - 12:29:35 ---A- - C:\Windows\Prefetch\LZMA.EXE-B044B959.pf
O45 - LFCP:[MD5.87BD4007C87284BBFC29874607D38633] - 29/04/2013 - 12:29:35 ---A- - C:\Windows\Prefetch\SUBWAY_SURFERS_(1-CLICK_RUN)_-27CF6695.pf
O45 - LFCP:[MD5.5793C98AA3DEEE55347BA639C8896910] - 29/04/2013 - 12:34:54 ---A- - C:\Windows\Prefetch\SUBWAY.SURFER.KS.EXE-9A61A883.pf
O45 - LFCP:[MD5.A3788D11DC6B3499E78700C64F1CD8F9] - 29/04/2013 - 12:51:42 ---A- - C:\Windows\Prefetch\UNINST2.EXE-C540E37C.pf
O45 - LFCP:[MD5.B6B64290669EEC7193F5C54E0CB92495] - 29/04/2013 - 12:52:48 ---A- - C:\Windows\Prefetch\SUBWAY_SURFERS.EXE-83C758D6.pf
O45 - LFCP:[MD5.224A1E0FB35B5DEFC7C987DD918EC04A] - 29/04/2013 - 12:52:51 ---A- - C:\Windows\Prefetch\UNINST1.EXE-B1EB28F7.pf
O45 - LFCP:[MD5.6B5F5677D348691368AECC5FC2287797] - 29/04/2013 - 15:18:06 ---A- - C:\Windows\Prefetch\UIUPDATETRAY.EXE-7B204E08.pf
O45 - LFCP:[MD5.2C6734F7C2384FCFA002DDBE7107E56D] - 29/04/2013 - 20:30:54 ---A- - C:\Windows\Prefetch\HPGS2WNF.EXE-18381B86.pf
~ Prefetcher: 131 Legitimates Filtered in 00mn 01s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - EasyBits Security Shield Hook - prevents launching insecure programs by kids [64Bits] - {E54729E8-643D-4270-9D49-7389EA579090} - Clé orpheline
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Free Music Zilla\FMZilla.exe" [Enabled] .(..) -- C:\Program Files (x86)\Free Music Zilla\FMZilla.exe
~ Keys Export: 1 Legitimates Filtered in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (.Pas de propriétaire - HitmanPro 3.7 Support Driver.) -- C:\Windows\System32\Drivers\hitmanpro37.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (.Pas de propriétaire - HitmanPro 3.7 Support Driver.) -- C:\Windows\System32\Drivers\hitmanpro37.sys
~ CSB: 15 Legitimates Filtered in 00mn 01s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\DriverMax  [Key] . (...) -- C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\fTalk  [Key] . (.Bandoo Media Inc. - fTalk.) -- C:\Users\jeremy\AppData\Local\fTalk\ftalk.exe  =>Adware.Bandoo
O53 - SMSR:HKLM\...\startupreg\GameXN GO  [Key] . (.GameXN AS - Game Organizer.) -- C:\ProgramData\GameXN\GameXNGO.exe
O53 - SMSR:HKLM\...\startupreg\PC-Doctor for Windows localizer  [Key] . (.PC-Doctor, Inc. - Hardware Diagnostic Tools Localizer.) -- C:\Program Files\PC-Doctor for Windows\localizer.exe
~ SMSR Keys: 21 Legitimates Filtered in 00mn 01s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys   [491088]
O58 - SDL:[MD5.4C44D82E372A87B3CB439A7F14CFEF03] - 09/07/2010 - 14:08:14 ---A- . (.BitDefender - BitDefender AntiVirus FS filter driver.) -- C:\Windows\SysWOW64\drivers\bdfsfltr.sys   [327368]
~ Drivers:  Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 26/04/2013 - 01:50:16 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\IMVULog.log.2   [73458]
O61 - LFC: 26/04/2013 - 01:59:56 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\JrjjUqU8_WjtJdMRKAW9pA==.ico   [353]
O61 - LFC: 26/04/2013 - 02:06:23 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\YcKZor7GFzQNhnYZO978Vw==.ico   [962]
O61 - LFC: 26/04/2013 - 02:23:22 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\auYOam66hjccAM+57IocJA==.ico   [353]
O61 - LFC: 26/04/2013 - 02:38:43 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\bookmarkbackups\bookmarks-2013-04-26.json   [8158]
O61 - LFC: 26/04/2013 - 02:38:47 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\minidumps\c7b48e14-0408-44d7-bdce-7e98c341af8c.dmp   [0]
O61 - LFC: 26/04/2013 - 02:40:31 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\minidumps\49d0f675-57c4-4ad8-b01e-474e74b4153f.dmp   [0]
O61 - LFC: 26/04/2013 - 14:38:36 ---A- C:\Users\jeremy\AppData\Local\fTalk\fTalk\config.xml   [4605]
O61 - LFC: 27/04/2013 - 00:34:46 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\I0ZeXifTsQEyRx2uu+wIqw==.ico   [1063]
O61 - LFC: 27/04/2013 - 01:21:23 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\0JvpdVREUluUn_S0lTgT0Q==.ico   [264]
O61 - LFC: 27/04/2013 - 01:41:03 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\bookmarkbackups\bookmarks-2013-04-27.json   [8158]
O61 - LFC: 27/04/2013 - 01:41:05 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\minidumps\6d4d3f4e-6b32-4221-9bbf-260a2f931f15.dmp   [0]
O61 - LFC: 27/04/2013 - 12:20:32 -SHA- C:\Users\jeremy\Thumbs.db   [397312]
O61 - LFC: 28/04/2013 - 00:11:55 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\mMmEQAjRxGEZjDhBUptttg==.ico   [353]
O61 - LFC: 28/04/2013 - 00:41:15 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\bookmarkbackups\bookmarks-2013-04-28.json   [8158]
O61 - LFC: 28/04/2013 - 01:28:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\01IHIqOUrVnbM2N2t9BrOw==.ico   [175]
O61 - LFC: 28/04/2013 - 01:34:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\2SjXaUKyEagL35dPjZj+Sg==.ico   [265]
O61 - LFC: 28/04/2013 - 01:34:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\Dn4UMbLZSBWTMKAPQoeJQA==.ico   [676]
O61 - LFC: 28/04/2013 - 01:34:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\OFqVVW1WzJ2nzwk73D+FJA==.ico   [265]
O61 - LFC: 28/04/2013 - 01:36:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\0DrrT6x82f3jW4dPgW5hKQ==.ico   [676]
O61 - LFC: 28/04/2013 - 01:36:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\2kzwvT2RL16NxsHAIPvIbA==.ico   [676]
O61 - LFC: 28/04/2013 - 01:36:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\Kb3lQ_nVsgmkmkPzv8RXtg==.ico   [676]
O61 - LFC: 28/04/2013 - 01:36:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\hYWqSNSjlNkyw4+zjzK3NA==.ico   [676]
O61 - LFC: 28/04/2013 - 01:36:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\v9BAZDhItA9V94S1yxezKw==.ico   [676]
O61 - LFC: 28/04/2013 - 01:38:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\B+7Pn4diZr+gmX4AXPyVbA==.ico   [571]
O61 - LFC: 28/04/2013 - 01:38:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\KQyC3yNYJqSY3tvE3G2X7Q==.ico   [571]
O61 - LFC: 28/04/2013 - 01:38:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\V4fj_+PL3e_rGRrqu0Ph9A==.ico   [571]
O61 - LFC: 28/04/2013 - 01:38:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\dIhu624oTP0BqshmHz1sKg==.ico   [571]
O61 - LFC: 28/04/2013 - 01:38:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\viwN9zD2eT19orzEM4BD8g==.ico   [571]
O61 - LFC: 28/04/2013 - 01:40:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\NLo5vQ4_0tnDPoVcxGhPPg==.ico   [175]
O61 - LFC: 28/04/2013 - 01:40:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\PaOJaPu6F6eA9yCEyTb3DA==.ico   [175]
O61 - LFC: 28/04/2013 - 01:40:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\msh3mKCc9ozsllkXw+oCmg==.ico   [571]
O61 - LFC: 28/04/2013 - 01:45:13 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\msh3mKCc9ozsllkXw+oCmg==.ico   [560]
O61 - LFC: 28/04/2013 - 01:53:40 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\Oub6bNPfb9s3qOSzXqvL5g==.ico   [207]
O61 - LFC: 28/04/2013 - 01:54:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\snCwAOmVEl8x0w8Xs5QXPg==.ico   [717]
O61 - LFC: 28/04/2013 - 01:56:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\36JCboZbNKOrPu+f_jMHSw==.ico   [541]
O61 - LFC: 28/04/2013 - 01:58:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\rRf5AfhLZzGCbjtJCAIstg==.ico   [979]
O61 - LFC: 28/04/2013 - 02:00:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\P6R+vIgkzK9Q39IY9roQGQ==.ico   [917]
O61 - LFC: 28/04/2013 - 02:02:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\Oub6bNPfb9s3qOSzXqvL5g==.ico   [138]
O61 - LFC: 28/04/2013 - 02:03:00 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\Mobo2BWDi8AxiGLx_zD0cQ==.ico   [724]
O61 - LFC: 28/04/2013 - 02:10:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\GnTs14_SqayS9oE7iNjI9w==.ico   [872]
O61 - LFC: 28/04/2013 - 02:12:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\vIB6JxSB_7XZYUCCnwTlfg==.ico   [585]
O61 - LFC: 28/04/2013 - 02:15:05 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\9mCd0oXhB1W9utcj6KA6Ew==.ico   [666]
O61 - LFC: 28/04/2013 - 02:22:33 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\strMLt5O9ON5haoSeK2Q9w==.ico   [439]
O61 - LFC: 28/04/2013 - 02:26:45 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\T9vNp1wpSGHRLQVcTFxfyw==.ico   [660]
O61 - LFC: 28/04/2013 - 02:30:34 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\QP0QPqTQrRq6AAdeahtcdA==.ico   [583]
O61 - LFC: 28/04/2013 - 02:30:34 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\nGya8fegXyxRvCN6XkXRKg==.ico   [806]
O61 - LFC: 28/04/2013 - 02:32:38 ---A- C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\Local State   [59006]
O61 - LFC: 28/04/2013 - 02:32:39 ---A- C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt   [5]
O61 - LFC: 28/04/2013 - 02:48:34 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\v46f5hjbwwWoN0MdTe29KQ==.ico   [439]
O61 - LFC: 28/04/2013 - 02:52:34 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\Ou0x3HL3Wcnm7gRIlAr+0g==.ico   [571]
O61 - LFC: 28/04/2013 - 02:57:15 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\IMVULog.log.1   [120683]
O61 - LFC: 28/04/2013 - 03:00:34 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\4hZUxbhS6oBUTULbxYUayQ==.ico   [676]
O61 - LFC: 28/04/2013 - 03:08:31 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\PU_vWFg+R4wpsrdmlqmo5w==.ico   [247]
O61 - LFC: 28/04/2013 - 03:10:26 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\ZXj73NAprgbttPtIlze_oA==.ico   [881]
O61 - LFC: 28/04/2013 - 03:14:22 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\O_wMCgPQJp3ofEu7Jsm93g==.ico   [834]
O61 - LFC: 28/04/2013 - 03:23:25 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\Q54JiEwHO3tCmLwUNYXMzg==.ico   [1063]
O61 - LFC: 28/04/2013 - 03:43:11 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\mxN0MMCYPTl8qYfzaDaWAA==.ico   [4286]
O61 - LFC: 28/04/2013 - 12:15:45 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\1knyHNrHvU3AH8ovvfHm+Q==.ico   [353]
O61 - LFC: 28/04/2013 - 12:18:13 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\OhgiB46OpvBacUQIMXerwg==.ico   [683]
O61 - LFC: 28/04/2013 - 12:33:09 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\ctZYJOcFF5zzzzhA0dtGZA==.ico   [590]
O61 - LFC: 28/04/2013 - 14:27:44 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\adblockplus-rules.json   [365283]
O61 - LFC: 28/04/2013 - 15:26:01 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\RUquEIPhlHiK8dpJvG15IQ==.ico   [611]
O61 - LFC: 28/04/2013 - 15:41:59 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\nl7lUx_GxGQfLydINnLx8g==.ico   [264]
O61 - LFC: 28/04/2013 - 15:44:47 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\eHUBna7eeKW0aes3QP+Pww==.ico   [175]
O61 - LFC: 28/04/2013 - 20:56:37 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\1oZm7wY4LVUMAhQfqCGo4g==.ico   [931]
O61 - LFC: 28/04/2013 - 20:59:39 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\hkAcm0C6mSgv1AWxnkyBgA==.ico   [497]
O61 - LFC: 28/04/2013 - 21:01:52 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\ECRl8sggYT_UZFWIOegRHA==.ico   [253]
O61 - LFC: 28/04/2013 - 21:09:24 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\Uh5ReHz6RSu9q1gl3LYe8Q==.ico   [253]
O61 - LFC: 28/04/2013 - 21:10:56 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\_IeKRre3edQtNh4PViz4Ag==.ico   [645]
O61 - LFC: 28/04/2013 - 21:11:35 ---A- C:\Users\jeremy\AppData\Roaming\MessengerDiscovery 2\mdupdate.xml   [151]
O61 - LFC: 28/04/2013 - 21:12:02 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\HIY5FUTOeWiAkIuEkpuTCQ==.ico   [899]
O61 - LFC: 28/04/2013 - 21:18:12 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\minidumps\9df11378-eb76-4d51-8527-885b97add00a.dmp   [0]
O61 - LFC: 28/04/2013 - 22:00:23 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\jmncGnr_Ht2ax12n2tqbKg==.ico   [264]
O61 - LFC: 28/04/2013 - 22:06:49 ---A- C:\Users\jeremy\AppData\Roaming\Microsoft\IdentityCRL\Production\MetaConfig.xml   [163]
O61 - LFC: 28/04/2013 - 22:25:11 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\cRAjQtoV44AR8nIB99O_TA==.ico   [505]
O61 - LFC: 28/04/2013 - 22:59:58 ---A- C:\Users\jeremy\AppData\Roaming\go\2013-04-28-2.ezlog   [51056]
O61 - LFC: 28/04/2013 - 23:24:20 ---A- C:\Users\jeremy\AppData\Roaming\go\2013-04-29-0.ezlog   [197440]
O61 - LFC: 28/04/2013 - 23:30:43 ---A- C:\Users\jeremy\AppData\Roaming\IMVUClient\ui\profile\blocklist.xml   [135]
O61 - LFC: 28/04/2013 - 23:30:53 ---A- C:\Users\jeremy\AppData\Roaming\IMVUClient\ui\profile\pluginreg.dat   [866]
O61 - LFC: 28/04/2013 - 23:30:53 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\client_session.txt   [17]
O61 - LFC: 28/04/2013 - 23:33:07 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product16963435_ac3c6de39df7eaec3b4eacc8ed202ba0   [659704]
O61 - LFC: 28/04/2013 - 23:33:14 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\d165886914c356136d27937730f5dfba   [555]
O61 - LFC: 28/04/2013 - 23:33:15 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\f7e9b82c64acbdb542cb2e704c027f38   [1754]
O61 - LFC: 28/04/2013 - 23:33:22 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product12292554_f2aaf1902ceadfbd61f664061f7f3bdf   [2877]
O61 - LFC: 28/04/2013 - 23:33:22 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product15357406_e68f3763f2ad0109a0e57a661cbca5f4   [6537]
O61 - LFC: 28/04/2013 - 23:33:22 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product16535597_c718fa8e5c9f2417b9e768d5624c53eb   [988]
O61 - LFC: 28/04/2013 - 23:33:22 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product9469886_b0e8ef2a1dcb821f1b45c33af6cb2469   [1091]
O61 - LFC: 28/04/2013 - 23:33:23 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product11625425_d33e875baa10fc25b50bef497ffcfab1   [7041]
O61 - LFC: 28/04/2013 - 23:33:23 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product12065337_c5d023b421503f1db03db2062d6a0552   [207120]
O61 - LFC: 28/04/2013 - 23:33:23 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product13529944_5d7b28e3295bb0f3f57c5ed069968fa7   [275]
O61 - LFC: 28/04/2013 - 23:33:23 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product1423771_8f1bc5c3e233efab964641af68d6cb67   [9309]
O61 - LFC: 28/04/2013 - 23:33:23 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product14275425_94e8c59dd1635c0ccca8498ff535c1dc   [6144]
O61 - LFC: 28/04/2013 - 23:33:23 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product14799487_f8466c2e0abf85d7edd70296f55f4fd3   [3554]
O61 - LFC: 28/04/2013 - 23:33:23 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product15644668_0b4237ae24b5042b1ae98d65a4a8a1ba   [2096]
O61 - LFC: 28/04/2013 - 23:33:23 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product15740173_c9a82bd8818d38ef870dc7fc93fb7b00   [986]
O61 - LFC: 28/04/2013 - 23:33:23 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product16066554_235cb23cb5cbd0fa8efd27cb9095622f   [1616]
O61 - LFC: 28/04/2013 - 23:33:23 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product16254874_1a4834816959fc8bcceb34686d8fff5e   [54783]
O61 - LFC: 28/04/2013 - 23:33:23 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product16425080_829312564ca617dc6b42c0ef889c2385   [215669]
O61 - LFC: 28/04/2013 - 23:33:23 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product19141621_a525971559df76de557820d3e8225648   [222874]
O61 - LFC: 28/04/2013 - 23:33:23 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product19178703_eb15681cfff5271e3e78bbd1a91cec2c   [15413]
O61 - LFC: 28/04/2013 - 23:33:23 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product3699076_e9dba551ab9aea04359d8fe22e4cd5e2   [1323]
O61 - LFC: 28/04/2013 - 23:33:23 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product7281445_b3f07c2822641af1947302484fe78ac8   [2906]
O61 - LFC: 28/04/2013 - 23:33:23 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product8310586_291da0517f4c394078192b985933224c   [355]
O61 - LFC: 28/04/2013 - 23:33:27 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product13031990_aeccd1b7719efe47b3562afb7f910aa3   [675]
O61 - LFC: 28/04/2013 - 23:33:27 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product16053334_f5f0eb58a885e37d055dd6eee5edc651   [632246]
O61 - LFC: 28/04/2013 - 23:33:29 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\00a758d0ccf39e72a6bb9a8d9b332dab   [2186]
O61 - LFC: 28/04/2013 - 23:33:29 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\24993f4e42bea4bbd1727a2638348fb8   [4137]
O61 - LFC: 28/04/2013 - 23:33:29 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\401bd08c1602477147180a0c908d96de   [70419]
O61 - LFC: 28/04/2013 - 23:33:29 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\661af52ed0720ed9a19724b209cf2a96   [8181]
O61 - LFC: 28/04/2013 - 23:33:29 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\8a9102990de22af18aa36d1cd8abe334   [28566]
O61 - LFC: 28/04/2013 - 23:33:29 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\9890a0f093a93411a164237fdd1937fd   [10642]
O61 - LFC: 28/04/2013 - 23:33:29 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\98948c661473cafee131ec5f9de07875   [20247]
O61 - LFC: 28/04/2013 - 23:33:29 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\bca765f8572ca159ec2daef950ac81aa   [29952]
O61 - LFC: 28/04/2013 - 23:33:29 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\e1c7f988a03fe4c1232e94ee8609b801   [234431]
O61 - LFC: 28/04/2013 - 23:33:30 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\024ce4706620132d0e09bd73b5bcf563   [2791]
O61 - LFC: 28/04/2013 - 23:33:30 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\03c1f988e3f4184aa3b5bd94ac905920   [5709]
O61 - LFC: 28/04/2013 - 23:33:30 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\2f657c2b01907e9af64bc5497ff68d37   [13725]
O61 - LFC: 28/04/2013 - 23:33:30 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\317f87bbaecc4454ac2bac40c64c63a2   [8224]
O61 - LFC: 28/04/2013 - 23:33:30 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\323982a44ac42da8913a3f35acb7b0c8   [28879]
O61 - LFC: 28/04/2013 - 23:33:30 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\35fc9dfcf008257de03c1f13bcae3b20   [39580]
O61 - LFC: 28/04/2013 - 23:33:30 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\3628b9ee3280517a438cb1b63ab51943   [33915]
O61 - LFC: 28/04/2013 - 23:33:30 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\3dab90b1075d98bddd4b9f5976812744   [21905]
O61 - LFC: 28/04/2013 - 23:33:30 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\3f253267ae6f01aad3204fa93075d05d   [10601]
O61 - LFC: 28/04/2013 - 23:33:30 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\89128409f45bd26f1bf2d156d1cfedf4   [1841]
O61 - LFC: 28/04/2013 - 23:33:30 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\8da716e41aefc92ba396010105cfa69d   [28384]
O61 - LFC: 28/04/2013 - 23:33:30 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\a1844af11dc1167c273a7d30d0e3ab8c   [41019]
O61 - LFC: 28/04/2013 - 23:33:30 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\a1969c58c2b756a0f6361ce30494adc0   [61253]
O61 - LFC: 28/04/2013 - 23:33:30 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\a67ae2779ace9814f5a844da6c6cfdb0   [28879]
O61 - LFC: 28/04/2013 - 23:33:30 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\b3c62f2e0907227e2a59083b1683de30   [28384]
O61 - LFC: 28/04/2013 - 23:33:30 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\b911845d9925a5e0ea354faa8eb10078   [40060]
O61 - LFC: 28/04/2013 - 23:33:30 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\b91f5c32c6fe87191c6e987c1cfc525a   [10404]
O61 - LFC: 28/04/2013 - 23:33:30 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\ea8d3dfa024d5f9b5c2a6c82635e8142   [35108]
O61 - LFC: 28/04/2013 - 23:33:31 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\0e737d0beb957e4b61656a0fd63c0aeb   [447621]
O61 - LFC: 28/04/2013 - 23:33:31 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\30ce3d1ada6b96cf5f62a20e9ec096b7   [13566]
O61 - LFC: 28/04/2013 - 23:33:31 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\3d7610b1e20a97a3fb093fc8148f8edb   [36570]
O61 - LFC: 28/04/2013 - 23:33:31 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\68a2b4fca4763e7e1f68a29f5d141b2f   [41019]
O61 - LFC: 28/04/2013 - 23:33:31 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\7e61641411ac72530d524a3db35ba241   [4723]
O61 - LFC: 28/04/2013 - 23:33:31 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\9cd734680c9478ee62ef16c06fbd0530   [13243]
O61 - LFC: 28/04/2013 - 23:33:31 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\a320b5e1f69a162650759ed570b2b9ad   [1651]
O61 - LFC: 28/04/2013 - 23:33:31 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\b9a350fcda4920f8d31729991426c11d   [4723]
O61 - LFC: 28/04/2013 - 23:33:31 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\d3aac74a8a22479cc18c907b68547104   [14632]
O61 - LFC: 28/04/2013 - 23:33:31 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\dfcd82565e6f301eb9ac8863daf5ffd4   [43022]
O61 - LFC: 28/04/2013 - 23:33:45 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\productAuth.pickle   [100650]
O61 - LFC: 28/04/2013 - 23:34:57 ---A- C:\Users\jeremy\AppData\Roaming\IMVUClient\ui\profile\places.sqlite   [176128]
O61 - LFC: 28/04/2013 - 23:34:57 ---A- C:\Users\jeremy\AppData\Roaming\IMVUClient\ui\profile\places.sqlite-journal   [0]
O61 - LFC: 28/04/2013 - 23:45:45 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\_buddyState.pickle   [12862]
O61 - LFC: 28/04/2013 - 23:46:43 ---A- C:\Users\jeremy\AppData\Roaming\IMVUClient\ui\profile\cert8.db   [65536]
O61 - LFC: 28/04/2013 - 23:46:43 ---A- C:\Users\jeremy\AppData\Roaming\IMVUClient\ui\profile\key3.db   [16384]
O61 - LFC: 28/04/2013 - 23:46:43 ---A- C:\Users\jeremy\AppData\Roaming\IMVUClient\ui\profile\prefs.js   [949]
O61 - LFC: 28/04/2013 - 23:50:52 ---A- C:\Users\jeremy\AppData\Roaming\.backup.dm   [288]
O61 - LFC: 29/04/2013 - 00:15:56 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\UZkQYDoM6FYtVdPaLjIl1A==.ico   [353]
O61 - LFC: 29/04/2013 - 00:32:48 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\iLJUgcP92I7nur2z2DyMpQ==.ico   [568]
O61 - LFC: 29/04/2013 - 00:43:04 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\3XLRVs1QWS9f97qGkZQwKw==.ico   [568]
O61 - LFC: 29/04/2013 - 00:48:50 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\AqqO5rGL7avSYMDctDyk5w==.ico   [492]
O61 - LFC: 29/04/2013 - 01:08:14 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\4tGLYCC6c1V6XaiAmDfgOg==.ico   [568]
O61 - LFC: 29/04/2013 - 01:12:43 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\ogmbbYan8Bn+beKXehgTRQ==.ico   [492]
O61 - LFC: 29/04/2013 - 01:27:37 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\v0ea3+AkdAVIt2BKeJWDYg==.ico   [423]
O61 - LFC: 29/04/2013 - 01:28:11 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\blocklist.xml   [62756]
O61 - LFC: 29/04/2013 - 01:30:02 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\lVulciw6nmc1CTkNpt+o1g==.ico   [423]
O61 - LFC: 29/04/2013 - 01:30:14 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\addons.sqlite   [524288]
O61 - LFC: 29/04/2013 - 01:37:08 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\UzU5snma_FSNfQhAz0DePg==.ico   [212]
O61 - LFC: 29/04/2013 - 02:00:59 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\FZ_bWigZe_ldmWyELptZxg==.ico   [492]
O61 - LFC: 29/04/2013 - 02:38:06 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\bookmarkbackups\bookmarks-2013-04-29.json   [8158]
O61 - LFC: 29/04/2013 - 02:42:16 ---A- C:\Users\jeremy\AppData\Local\Resmon.ResmonCfg   [7602]
O61 - LFC: 29/04/2013 - 12:08:16 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\4gPpjkxgZzXPVtuEoAL9Ig==.ico   [175]
O61 - LFC: 29/04/2013 - 12:08:16 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\Dl0XLJKtfnlo8ij6Gs7cIw==.ico   [426]
O61 - LFC: 29/04/2013 - 12:08:16 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\JjK_k_lNCGuIA1rp2r_WzA==.ico   [175]
O61 - LFC: 29/04/2013 - 12:08:16 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\pWi4gU4ZlEYQ8oEz0DIX4Q==.ico   [175]
O61 - LFC: 29/04/2013 - 12:08:16 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\sy5lsLReSErDEkPc6fL3EA==.ico   [175]
O61 - LFC: 29/04/2013 - 12:08:16 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\zbPPmDA3yZBDFS3iZzOfDg==.ico   [676]
O61 - LFC: 29/04/2013 - 12:19:14 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\2hfCxuc9+7V_bTMn62a1AA==.ico   [497]
O61 - LFC: 29/04/2013 - 12:28:00 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\kST5SFI15uYD1azdSXYDVg==.ico   [445]
O61 - LFC: 29/04/2013 - 12:34:21 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\mimeTypes.rdf   [30119]
O61 - LFC: 29/04/2013 - 12:34:37 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\YPinK7erYTx5QGF8EAuu7A==.ico   [301]
O61 - LFC: 29/04/2013 - 13:12:23 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\permissions.sqlite   [5120]
O61 - LFC: 29/04/2013 - 13:12:23 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\webappsstore.sqlite   [3819520]
O61 - LFC: 29/04/2013 - 13:12:24 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\content-prefs.sqlite   [229376]
O61 - LFC: 29/04/2013 - 13:12:25 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\minidumps\b863a367-0462-4a35-afea-9a3cdb7d43ab.dmp   [15025]
O61 - LFC: 29/04/2013 - 13:12:25 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\minidumps\b863a367-0462-4a35-afea-9a3cdb7d43ab.extra   [0]
O61 - LFC: 29/04/2013 - 13:16:31 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\cert8.db   [376832]
O61 - LFC: 29/04/2013 - 13:16:31 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\key3.db   [16384]
O61 - LFC: 29/04/2013 - 13:16:31 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\sessionstore.bak   [940]
O61 - LFC: 29/04/2013 - 13:47:16 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\extensions.sqlite   [524288]
O61 - LFC: 29/04/2013 - 13:47:16 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\extensions.sqlite-journal   [262720]
O61 - LFC: 29/04/2013 - 13:47:20 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\cookies.sqlite-shm   [32768]
O61 - LFC: 29/04/2013 - 13:47:20 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\places.sqlite-shm   [32768]
O61 - LFC: 29/04/2013 - 13:47:21 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\webapps\webapps.json   [2]
O61 - LFC: 29/04/2013 - 13:47:29 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\test-malware-simple.sbstore   [232]
O61 - LFC: 29/04/2013 - 13:47:29 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\urlclassifierkey3.txt   [154]
O61 - LFC: 29/04/2013 - 13:47:29 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\webappsstore.sqlite-shm   [32768]
O61 - LFC: 29/04/2013 - 13:47:30 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\test-malware-simple.cache   [44]
O61 - LFC: 29/04/2013 - 13:47:30 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\test-malware-simple.pset   [16]
O61 - LFC: 29/04/2013 - 13:47:30 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\test-phish-simple.cache   [44]
O61 - LFC: 29/04/2013 - 13:47:30 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\test-phish-simple.pset   [16]
O61 - LFC: 29/04/2013 - 13:47:30 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\test-phish-simple.sbstore   [232]
O61 - LFC: 29/04/2013 - 13:47:58 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\prefs.js   [2914050]
O61 - LFC: 29/04/2013 - 14:48:53 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\yga6uhnMmvmS2Fe_f38MbQ==.ico   [497]
O61 - LFC: 29/04/2013 - 14:49:17 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\CCPDqEdT7FLz_l2RkSnNVA==.ico   [770]
O61 - LFC: 29/04/2013 - 14:52:20 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\0aLKOC_p1Z5QK7PqqWSwMg==.ico   [972]
O61 - LFC: 29/04/2013 - 15:04:29 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\O8YE2nYZNUXLDbsQhziuaw==.ico   [914]
O61 - LFC: 29/04/2013 - 15:06:00 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\qmQ46aZcdb+t4tWs_VCwmw==.ico   [952]
O61 - LFC: 29/04/2013 - 15:12:22 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\t3_UlSH4JoJCZ5w8i13srg==.ico   [989]
O61 - LFC: 29/04/2013 - 15:59:28 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\cookies.sqlite-wal   [688664]
O61 - LFC: 29/04/2013 - 16:05:06 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\0H_VvwVlhjbBiG6aGeMvQA==.ico   [739]
O61 - LFC: 29/04/2013 - 16:07:46 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\z1pv5WDdYgFfzerotXJcew==.ico   [1070]
O61 - LFC: 29/04/2013 - 17:53:19 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\adblockplus\elemhide.css   [1635608]
O61 - LFC: 29/04/2013 - 20:20:52 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\localstore.rdf   [35201]
O61 - LFC: 29/04/2013 - 20:31:51 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\startupCache\startupCache.4.little   [333697]
O61 - LFC: 29/04/2013 - 20:34:26 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\formhistory.sqlite   [327680]
O61 - LFC: 29/04/2013 - 20:34:26 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\signons.sqlite   [84992]
O61 - LFC: 29/04/2013 - 20:54:00 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\webappsstore.sqlite-wal   [47192]
O61 - LFC: 29/04/2013 - 20:55:26 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\sessionstore.js   [54823]
O61 - LFC: 29/04/2013 - 20:58:55 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\places.sqlite   [10485760]
O61 - LFC: 29/04/2013 - 20:59:03 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\downloads.sqlite   [98304]
O61 - LFC: 29/04/2013 - 20:59:06 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\_CACHE_CLEAN_   [1]
O61 - LFC: 29/04/2013 - 20:59:10 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\places.sqlite-wal   [82432]
O61 - LFC: 29/04/2013 - 21:20:19 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\cookies.sqlite   [1572864]
O61 - LFC: 29/04/2013 - 21:20:21 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\goog-malware-shavar.cache   [12]
O61 - LFC: 29/04/2013 - 21:20:21 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\goog-malware-shavar.pset   [796716]
O61 - LFC: 29/04/2013 - 21:20:21 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\goog-malware-shavar.sbstore   [1628790]
O61 - LFC: 29/04/2013 - 21:20:22 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\goog-phish-shavar.cache   [12]
O61 - LFC: 29/04/2013 - 21:20:22 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\goog-phish-shavar.pset   [676926]
O61 - LFC: 29/04/2013 - 21:20:22 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\goog-phish-shavar.sbstore   [577149]
~ 19 Fichiers temporaires (Temporary files)
~ Files: 5556 Legitimates Filtered in 47mn 56s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
O63 - Logiciel: RSIT - (.random/random.)
~ ADS:  Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (ctredr15.sys)  .(...) - LEGACY_CTREDR15.SYS
O64 - Services: CurCS - 03/04/2012 - C:\Windows\system32\drivers\hitmanpro36.sys (hitmanpro35)  .(.Pas de propriétaire - HitmanPro 3.6 Support Driver.) - LEGACY_HITMANPRO35
O64 - Services: CurCS - 20/03/2013 - C:\Windows\system32\drivers\hitmanpro37.sys (hitmanpro37)  .(.Pas de propriétaire - HitmanPro 3.7 Support Driver.) - LEGACY_HITMANPRO37
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (sbapifs)  .(...) - LEGACY_SBAPIFS
~ Legacy: 154 Legitimates Filtered in 00mn 04s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.Autorisation> <Google Chrome>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Opera> <Opera>[HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Opera.exe
~ Keys:  Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {50713636-91C4-4AD8-9F0B-92C84C7267BA} - (Google) - http://www.google.fr
O69 - SBI: SearchScopes [HKCU] {740ADE67-27D1-46E7-9101-EE4A06240359} - (Yahoo-FileServe) - http://fileservehome.com
O69 - SBI: SearchScopes [HKCU] {8D5BA109-1674-4EA3-B303-A0B4A7E819F6} - (Yahoo! Search) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {CC1DA801-494E-46CB-8994-45059DF5B853} - (Bing) - http://www.bing.com
~ Keys:  Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.2D2634136D7F4D222C0101B09B54605B] [SPRF][28/11/2012] (...) -- C:\ProgramData\1354060113.bdinstall.bin   [417046]
[MD5.089066BACC26040B415397A9577515C5] [SPRF][28/11/2012] (...) -- C:\ProgramData\1354060641.bdinstall.bin   [215549]
[MD5.F93F36D10162A7D17D6A70EB8E106262] [SPRF][06/10/2010] (...) -- C:\ProgramData\bdinstall.bin   [160008]
[MD5.3E818A640D6B53CDF839CC8B7E4E1CE2] [SPRF][25/11/2012] (...) -- C:\ProgramData\NanoRepository.bin   [6080]
[MD5.4D0BD9C1E2453206571F9FC7F43451ED] [SPRF][28/04/2013] (.GameXN AS - GameXN Refresh.) -- C:\Users\jeremy\AppData\Local\Temp\go-33-refresh.exe   [3087344]
[MD5.2F0C579C8286F218E3DAFD57155DDF04] [SPRF][29/04/2013] (...) -- C:\Users\jeremy\AppData\Local\Temp\uninst1.exe   [519680]
[MD5.2F0C579C8286F218E3DAFD57155DDF04] [SPRF][29/04/2013] (...) -- C:\Users\jeremy\AppData\Local\Temp\uninst2.exe   [519680]
[MD5.0E0045E0BE24AADE596C83E52D58F683] [SPRF][28/04/2013] (...) -- C:\Users\jeremy\AppData\Local\Temp\~gu-ver.dat   [116]
[MD5.7DA96CA8A31F14D35AE836EFC48B45CB] [SPRF][20/10/2011] (...) -- C:\Users\jeremy\AppData\Roaming\jeremylog.dat   [787]
[MD5.CC53E0D99DC90101345F76658A3B7E12] [SPRF][05/03/2011] (...) -- C:\Users\jeremy\AppData\Roaming\SQLite3.dll   [58275]
[MD5.AE07903B1663ACDA1AAEFE105B5FEA3D] [SPRF][06/03/2011] (...) -- C:\Users\jeremy\AppData\Roaming\system.dat   [24978]
[MD5.0BF98FB84851D2214B61E38093557980] [SPRF][21/06/2011] (...) -- C:\Users\jeremy\AppData\Roaming\wklnhst.dat   [170]
[MD5.392FF5AE84228D07F0DE76488FA4A735] [SPRF][03/01/2013] (.Audacity Team - Audacity Setup.) -- C:\Users\jeremy\Desktop\audacity-win-2.0.2.exe   [21415874]
[MD5.BF24AD166B5E9A55D53B8582AA675A90] [SPRF][05/05/2012] (.Facebook Inc. - Setup.) -- C:\Users\jeremy\Desktop\FacebookMessengerSetup.exe   [493512]
[MD5.FEE1D58C6AD73F25EB0DAD4F690560AD] [SPRF][26/12/2012] (.Facebook Inc. - Setup.) -- C:\Users\jeremy\Desktop\FacebookVideoCallSetup_v1.2.205.0.exe   [501248]
[MD5.A5C3AA63CFECDA1A78CD51AF270A69F4] [SPRF][21/01/2013] (.Pas de propriétaire - PC Tools Firewall Plus Setup.) -- C:\Users\jeremy\Desktop\fwinstall.exe   [10267520]
[MD5.17DE29775C62386BBBEE72A18EE64109] [SPRF][02/04/2013] (...) -- C:\Users\jeremy\Desktop\MaConfig_win.exe   [256328]
[MD5.266404D2B89BDA7F1D528032C713C082] [SPRF][05/05/2012] (.Microsoft Corporation - Self-Extracting Cabinet.) -- C:\Users\jeremy\Desktop\Silverlight_x64.exe   [13072536]
[MD5.28D3932F714BF71D78E75D36AA2E0FB8] [SPRF][24/06/2012] (.Microsoft Corporation - Self Extracting Stub.) -- C:\Users\jeremy\Desktop\windows6.1-KB976932-X64.exe   [947070088]
[MD5.ED324284FA119EF0F240AC9E2262D666] [SPRF][10/02/2012] (.Microsoft Corporation - Windows Media Component Setup Application.) -- C:\Users\jeremy\Desktop\wmpfirefoxplugin(2).exe   [318904]
[MD5.ED324284FA119EF0F240AC9E2262D666] [SPRF][09/05/2012] (.Microsoft Corporation - Windows Media Component Setup Application.) -- C:\Users\jeremy\Desktop\wmpfirefoxplugin.exe   [318904]
[MD5.FA4B58943C3A031DD0F09618C67AA406] [SPRF][29/04/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\jeremy\Desktop\ZHPDiag2.exe   [5618780]
[MD5.B340DBA478293038477F60BE7C78D1DC] [SPRF][16/12/2012] (...) -- C:\Program Files (x86)\KaraokeSetup.exe   [770938]
~ Files:  Scanned in 00mn 22s



---\\ Scan Additionnel (O88)
Database Version : v2.11773 - (29/04/2013)
Clés trouvées (Keys found) : 33
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 5
Fichiers trouvés  (Files found) : 1

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]   =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]   =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\CC94835868BCA58489B0D79DE655BCB1]   =>PUP.Dealio
[HKLM\Software\Classes\Installer\Features\D82C50F59AED6DA47AA360145789E8BA]   =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D82C50F59AED6DA47AA360145789E8BA]   =>PUP.Dealio
[HKLM\Software\Wow6432Node\Classes\Installer\Features\D82C50F59AED6DA47AA360145789E8BA]   =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB525538DB364CE4495200ECDA84942C]   =>Adware.SPointer
[HKLM\Software\CrazyLoader]   =>Adware.SPointer
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]   =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]   =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8]   =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]   =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]   =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044]   =>PUP.Dealio
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion]   =>Toolbar.Yahoo
[HKLM\Software\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}]   =>Toolbar.Freecorder
[HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASAPI32]   =>Adware.Boxore
[HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASMANCS]   =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA]   =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC]   =>Adware.Boxore^
C:\Program Files (x86)\Webgameplay setup   =>Toolbar.Agent
C:\Users\jeremy\AppData\LocalLow\Protection_ZoneAlarm   =>Toolbar.Conduit
C:\ProgramData\BerOwsae22savaee  =>Adware.Browse2Save^
C:\Users\jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\plugin@yontoo.com   =>Adware.Yontoo
C:\Users\jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\jeremy\Extensions\plugin@yontoo.com   =>Adware.Yontoo
C:\Users\jeremy\AppData\Local\Temp\uninst1.exe   =>Toolbar.Babylon
~ Additionnel Scan: 458590 Items scanned in 00mn 39s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "7E9C3C6D433D8194DB75B5E11FC402D7" . (.Bing Bar.) -- C:\Windows\Installer\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}\icon_installer_ico
O90 - PUC: "9888910D6677B424BA181FF6E8DDEF4F" . (.Facemoods.) -- C:\Windows\Installer\{D0198889-7766-424B-AB81-F16F8EDDFEF4}\ARPPRODUCTICON.exe  =>Adware.Facemoods
O90 - PUC: "AC250698790157240B487D440488F16E" . (.AKVIS SmartMask.) -- C:\Windows\Installer\{896052CA-1097-4275-B084-D74440881FE6}\ARPPRODUCTICON.exe
O90 - PUC: "C5DCD2F8B572E5040868FB1B3BEC20EF" . (.PixEasy.) -- C:\Windows\Installer\{8F2DCD5C-275B-405E-8086-BFB1B3CE02FE}\ARPPRODUCTICON.exe
O90 - PUC: "DFFDD08F030DCCC4FA30DBE8EEE502DE" . (.General Module.) -- C:\Windows\Installer\{F80DDFFD-D030-4CCC-AF03-BD8EEE5E20ED}\_6FEFF9B68218417F98F549.exe
~ Update Products: 207 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 22/11/2010 72704 |  (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
SS - | Demand 18/12/2012 65192 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 11/04/2013 256904 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 16/11/2012 238080 |  (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 13/07/2012 310952 |  (Amsp) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
SS - | Auto 10/02/2012 193816 |  (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
SR - | Demand 10/02/2012 240408 |  (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
SR - | Auto 30/08/2011 462184 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SS - | Demand 12/10/2010 206072 |  (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Disabled 14/08/2010 135664 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 14/08/2010 135664 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 16/08/2012 194032 |  (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 22/10/2004 73728 |  (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SR - | Auto 20/08/2009 73728 |  (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 22/04/2013 1141072 |  (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SS - | Demand 12/04/2013 115608 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 26/01/2009 1153368 |  (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
SS - | Demand 19/12/2012 732648 |  (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Disabled  207872 |  (Serviio) . (...) - C:\Program Files\Serviio\bin\ServiioService.exe
SR - | Auto 26/02/2013 3560800 |  (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SS - | Auto  0 |  (Threatdiction Web Filtring) . (...) - C:\Program Files (x86)\Threatdiction\Threatdiction.exe
SS - | Disabled 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Disabled  0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Disabled 09/11/2008 602392 |  (YahooAUService) . (.Yahoo! Inc..) - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
~ Services:  Scanned in 00mn 09s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by jeremy at 29/04/2013 22:37:55

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR:  Scanned in 00mn 04s



~ 7829 Legitimates filtered by white list
End of the scan (1097 lines in 05mn 15s)(0)