Rapport de ZHPDiag v2013.4.21.127 par Nicolas Coolman, Update du 21/04/2013
Run by jeremy at 22/04/2013 15:36:02
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by user


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16540
MFIE: Mozilla Firefox 20.0.1 (Defaut)
GCIE: Google Chrome v25.0.1364.172
OPIE: Opera v12.12

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Malwarebytes Anti-Malware version 1.70.0.1100
Trend Micro Titanium v6.00
Spybot - Search & Destroy v1.6.2
Windows Defender W7

---\\ System Optimizer
CCleaner v4.00

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 17
Java 7 Update 21

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (59% free)
System Restore: Activé (Enable)
System drive C: has 387 GB (66%) free of 584 GB

---\\ Logged in mode
~ Computer Name: JEREMY-PC
~ User Name: jeremy
~ All Users Names: jeremy, HomeGroupUser$, Autorisation, Administrateur, 
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\jeremy\AppData\Roaming\
~ %Desktop% : C:\Users\jeremy\Desktop\
~ %Favorites% : C:\Users\jeremy\Favorites\
~ %LocalAppData% : C:\Users\jeremy\AppData\Local\
~ %StartMenu% : C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 387 Go of 584 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 12 Go)
E:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime :  OK
~ Security Center:  Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.753C0848AE7872A3F59663078A517293] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/02/2013 - 11:15:07.) -- C:\Windows\System32\wininet.dll [2240512]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.E453ACF4E7D44E5530B5D5F2B9CA8563] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.31/08/2012 - 19:19:35.) -- C:\Windows\system32\Drivers\ntfs.sys [1659760]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 4/2225
~ Mes musiques (My Musics) : 2/4021
~ Mes Videos (My Videos) : 2/23
~ Mes Favoris (My Favorites) : 1/54
~ Mes Documents (My Documents) : 2/5257
~ Mon Bureau (My Desktop) : 3/11033
~ Menu demarrer (Programs) : 1/13
~ Hidden Files:  Scanned in 00mn 20s



---\\ Processus lancés
[MD5.2A3FB4C98F139038E23330D2439DB8A4] - (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\jeremy\AppData\Local\Facebook\Update\FacebookUpdate.exe   [138096] [PID.2464]
[MD5.5516C26A6AF8EB4E2CAB48EC98A74398] - (.Hewlett-Packard - hpwuSchd Application.) -- c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe   [54576] [PID.3624]
[MD5.E508B0095D4871A6DB4AB32B878501EE] - (.Pas de propriétaire - hpgs2wnf Module.) -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe   [65536] [PID.1076]
[MD5.2D9A1A43307EC9BB267BE9F90B4AF0D5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [6936576] [PID.3384]
[MD5.2238B91AC1A12CC6CC4C4FED41258B2A] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe   [73728] [PID.1836]
[MD5.837608240884733792DDAE81E50B802A] - (.Microsoft Corporation - SQL Server Windows NT.) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe   [29293408] [PID.1900]
[MD5.86EBD8B1F23E743AAD21F4D5B4D40985] - (.Microsoft Corporation - SQL Browser Service EXE.) -- c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe   [238944] [PID.1172]
[MD5.01CC3B9349B244C752CDD99EFDA080BB] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe   [3560800] [PID.2056]
[MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe   [1153368] [PID.2108]
[MD5.85D5E6AC46A2AE4672C1AC813AE45B95] - (.Microsoft Corp. - Bing Desktop updating service.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe   [168592] [PID.4904]
~ Processes Running:  Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Chrome Web Store v.0.1 ()
G2 - GCE: Preference [User Data\Default] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 ()
G2 - GCE: Preference [User Data\Default] [fpgkjhpjldibdbbppfcabadmpfenkdfe] FS Extension v.1.0.0.3394 (Désactivé)
G2 - GCE: Preference [User Data\Default] [gkcbebbklfkjeocpmoamnopdllfekind] General Downloader plugin v.1.0.1 (Désactivé)
G2 - GCE: Preference [User Data\Default] [heoldelcflnigdllmlopiefhkkobendj] TrendMicro Toolbar v.6.0.0.1318, (Désactivé)
G2 - GCE: Preference [User Data\Default] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Désactivé)
~ Google Browser:  Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
C:\Users\jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js
C:\Users\jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\0\user.js
C:\Users\jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\jeremy\prefs.js (.not file.)
C:\Users\jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\jeremy\user.js
M3 - MFPP: Plugins - [jeremy] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\fileserve.xml
M2 - MFEP: prefs.js [jeremy - 0\plugin@yontoo.com] [] Yontoo v1.20.00 (..)  =>PUP.Yontoo
M2 - MFEP: prefs.js [jeremy - jeremy\plugin@yontoo.com] [] Yontoo v1.20.00 (..)  =>PUP.Yontoo
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - 1.9.0042.0.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npLegitCheckPlugin.dll
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - 2.0.0048.0.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npOGAPlugin.dll
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (.Pas de propriétaire - Provides additional functionality on Facebook. See <a href="http://www.) -- C:\Users\jeremy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.4] - (.Pas de propriétaire - Provides additional functionality on Facebook. See <a href="http://www.) -- C:\Users\jeremy\AppData\Roaming\Facebook\npfbplugin_1_0_4.dll
~ Firefox Browser: 30 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: (no name) [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) [64Bits] - {d7f26d0e-9801-45c3-a091-8a65e4ed73b5} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ IE Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\SysWOW64\userinit.exe,"C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: QFX Software KeyScrambler [64Bits] - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} . (.QFX Software Corporation - KeyScrambler Program DLL.) -- C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: IE AdBlock [64Bits] - {46B37057-5BA8-4014-B28D-6448FD171A3E} . (.CatenaLogic - Internet Explorer Browser Extension to bloc.) -- C:\Program Files (x86)\IE AdBlock\IE AdBlock.dll
O2 - BHO: BerOwsae22savaee [64Bits] - {4F121455-41F6-A13C-A887-9778BA2A17CF} . (...) -- C:\ProgramData\BerOwsae22savaee\515a12233045f.dll
O2 - BHO: Spybot-S&D IE Protection [64Bits] - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
~ BHO: 14 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
~ Toolbar:  Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Trend Micro Titanium] . (.Trend Micro Inc. - Trend Micro Client Main Console.) -- C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe 
O4 - HKLM\..\Run: [SmartMenu] . (.Pas de propriétaire - SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe 
O4 - HKLM\..\Run: [Trend Micro Client Framework] . (.Trend Micro Inc. - Trend Micro Client Session Agent Monitor.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe 
O4 - HKLM\..\Run: [Zune Launcher] . (.Microsoft Corporation - Zune Auto-Launcher.) -- C:\Program Files\Zune\ZuneLauncher.exe 
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe 
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\jeremy\AppData\Local\Facebook\Update\FacebookUpdate.exe 
O4 - HKCU\..\Run: [GameXN GO] . (.GameXN AS - Game Organizer.) -- C:\ProgramData\GameXN\GameXNGO.exe 
O4 - HKLM\..\Wow6432Node\Run: [BingDesktop] . (.Microsoft Corp. - Bing Desktop Application.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe 
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe 
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe 
O4 - HKUS\S-1-5-21-3817708357-2392638510-768260211-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe 
O4 - HKUS\S-1-5-21-3817708357-2392638510-768260211-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\jeremy\AppData\Local\Facebook\Update\FacebookUpdate.exe 
O4 - HKUS\S-1-5-21-3817708357-2392638510-768260211-1001\..\Run: [GameXN GO] . (.GameXN AS - Game Organizer.) -- C:\ProgramData\GameXN\GameXNGO.exe 
~ Application:  Scanned in 00mn 01s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: fTalk.lnk . (.Bandoo Media Inc. - fTalk.)  -- C:\Users\jeremy\AppData\Local\fTalk\ftalk.exe   =>Adware.Bandoo
O4 - GS\TaskBar: HP MediaSmart.lnk . (...)  -- C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (.not file.)
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
O4 - GS\TaskBar: Skype.lnk . (...)  -- C:\Windows\Installer\{5335DADB-34BA-4AE8-A519-648D78498846}\SkypeIcon.exe
O4 - GS\TaskBar: Windows Explorer (3).lnk . (.Microsoft Corporation - Explorateur Windows.)  -- C:\Windows\explorer.exe 
O4 - GS\TaskBar: Windows Explorer (4).lnk . (.Microsoft Corporation - Explorateur Windows.)  -- C:\Windows\explorer.exe 
O4 - GS\TaskBar: Windows Live Messenger .lnk . (.Microsoft Corporation - Windows Live Messenger.)  -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe 
O4 - GS\Programs: fTalk.lnk . (.Bandoo Media Inc. - fTalk.)  -- C:\Users\jeremy\AppData\Local\fTalk\ftalk.exe   =>Adware.Bandoo
O4 - GS\QuickLaunch: Easy Audio Cutter.lnk . (.Koyote Soft - Pas de description.)  -- C:\Program Files (x86)\Free Audio Pack\Easy Audio Cutter\AudioCutter.exe 
O4 - GS\QuickLaunch: Free CD Ripper.lnk . (.Koyote Soft - FreeCDRipper.)  -- C:\Program Files (x86)\Free Audio Pack\Free CD Ripper\FreeCDRipper.exe 
O4 - GS\QuickLaunch: Free Mp3 Wma Converter.lnk . (.Koyote Soft - Free Audio Converter.)  -- C:\Program Files (x86)\Free Audio Pack\FreeConverter\FreeConverter.exe 
O4 - GS\QuickLaunch: Free Music Zilla.lnk . (...)  -- C:\Program Files (x86)\Free Music Zilla\FMZilla.exe
O4 - GS\QuickLaunch: fTalk.lnk . (.Bandoo Media Inc. - fTalk.)  -- C:\Users\jeremy\AppData\Local\fTalk\ftalk.exe   =>Adware.Bandoo
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\QuickLaunch: Mozilla Firefox 4.0 Beta 11.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\firefox.exe 
O4 - GS\QuickLaunch: PhotoScape.lnk . (...)  -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch: Picasa 3.lnk . (.Google Inc. - Picasa.)  -- C:\Program Files (x86)\Google\Picasa3\Picasa3.exe 
O4 - GS\QuickLaunch: Samsung Kies.lnk . (.Samsung - Kies.)  -- C:\Program Files (x86)\Samsung\Kies\Kies.exe 
O4 - GS\QuickLaunch: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.)  -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe 
O4 - GS\QuickLaunch: WildTangent Games App - hp.lnk . (.WildTangent - WildTangent Games App.)  -- C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe 
O4 - GS\QuickLaunch: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.)  -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe 
O4 - GS\SendTo: AVS Mobile Uploader.lnk . (.Online Media Technologies Ltd. - AVS Mobile Uploader.)  -- C:\Program Files (x86)\Common Files\AVSMedia\MobileUploader\AVSMobileUploader.exe 
O4 - GS\SendTo: AVS Video Burner.lnk . (.Online Media Technologies Ltd. - AVS Video Burner.)  -- C:\Program Files (x86)\Common Files\AVSMedia\BurnerService\AVSVideoBurner.exe 
O4 - GS\SendTo: AVS Video Uploader.lnk . (.Online Media Technologies Ltd. - AVS Video Uploader.)  -- C:\Program Files (x86)\Common Files\AVSMedia\VideoUploader\AVSVideoUploader.exe 
O4 - GS\SendTo: Dossier de téléchargement Share-to-Web .lnk . (...)  -- C:\Users\jeremy\AppData\Roaming\Dossier de téléchargement Share-to-Web  
O4 - GS\SendTo: Format Factory.lnk . (.Free Time - FormatFactory.)  -- C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe 
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.)  -- C:\Program Files (x86)\Skype\Phone\Skype.exe 
O4 - Global Startup: C:\Users\jeremy\Desktop\(1) Céline Hamzaoui Carlieer.URL . (...)  -- C:\Users\jeremy\Desktop\(1) Céline Hamzaoui Carlieer.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\22 avril 2013 0058.URL . (...)  -- C:\Users\jeremy\Desktop\22 avril 2013 0058.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\A Bittersweet Life.URL . (...)  -- C:\Users\jeremy\Desktop\A Bittersweet Life.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Annael Ymcmb.URL . (...)  -- C:\Users\jeremy\Desktop\Annael Ymcmb.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Arek Aro - YouTube.URL . (...)  -- C:\Users\jeremy\Desktop\Arek Aro - YouTube.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Association Profil Facebook.URL . (...)  -- C:\Users\jeremy\Desktop\Association Profil Facebook.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Battle of Gods le nouveau film sur Dragon Ball Z qui sortira en 2013.URL . (...)  -- C:\Users\jeremy\Desktop\Battle of Gods le nouveau film sur Dragon Ball Z qui sortira en 2013.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\battles of gods - Recherche Google.URL . (...)  -- C:\Users\jeremy\Desktop\battles of gods - Recherche Google.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\BBox Sensation vs Freebox Révolution vs SFR Box Evolution vs La Box de Numéricable vs LiveBox Orange Tableaux comparatifs - .URL . (...)  -- C:\Users\jeremy\Desktop\BBox Sensation vs Freebox Révolution vs SFR Box Evolution vs La Box de Numéricable vs LiveBox Orange Tableaux comparatifs - .URL
O4 - Global Startup: C:\Users\jeremy\Desktop\biddy.URL . (...)  -- C:\Users\jeremy\Desktop\biddy.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Blogger  Master-Music-Club - Tous les posts.URL . (...)  -- C:\Users\jeremy\Desktop\Blogger  Master-Music-Club - Tous les posts.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Chat with Laurette in a Live Adult Video Chat Room Now.URL . (...)  -- C:\Users\jeremy\Desktop\Chat with Laurette in a Live Adult Video Chat Room Now.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Chat with Obedientt3 in a Live Adult Video Chat Room Now.URL . (...)  -- C:\Users\jeremy\Desktop\Chat with Obedientt3 in a Live Adult Video Chat Room Now.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Cisko e Familia en mode Vida Loca feat Obed - Allo koi - YouTube.URL . (...)  -- C:\Users\jeremy\Desktop\Cisko e Familia en mode Vida Loca feat Obed - Allo koi - YouTube.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Clickr.URL . (...)  -- C:\Users\jeremy\Desktop\Clickr.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Connecting GO and Skype GameXN.URL . (...)  -- C:\Users\jeremy\Desktop\Connecting GO and Skype GameXN.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Convertisseur MP3 Youtube - Video2MP3.URL . (...)  -- C:\Users\jeremy\Desktop\Convertisseur MP3 Youtube - Video2MP3.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\coqnue - Recherche Google.URL . (...)  -- C:\Users\jeremy\Desktop\coqnue - Recherche Google.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Creer-personnaliser.com - personnaliser un tee shirt homme ou imprimer un vêtement.URL . (...)  -- C:\Users\jeremy\Desktop\Creer-personnaliser.com - personnaliser un tee shirt homme ou imprimer un vêtement.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Daft Punk - Homework full album - YouTube.URL . (...)  -- C:\Users\jeremy\Desktop\Daft Punk - Homework full album - YouTube.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Debrideur Mixturevideo Purevid gratuit.URL . (...)  -- C:\Users\jeremy\Desktop\Debrideur Mixturevideo Purevid gratuit.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\desaparecidos-vs-walter-master-j---danser--lanfranchi---farina-2013-original-mix - Recherche Google.URL . (...)  -- C:\Users\jeremy\Desktop\desaparecidos-vs-walter-master-j---danser--lanfranchi---farina-2013-original-mix - Recherche Google.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Dijay Vod-k.URL . (...)  -- C:\Users\jeremy\Desktop\Dijay Vod-k.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\dimitri_vegas___like_mike___wakanda - Recherche Google.URL . (...)  -- C:\Users\jeremy\Desktop\dimitri_vegas___like_mike___wakanda - Recherche Google.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\DJ-Mix-Radio.URL . (...)  -- C:\Users\jeremy\Desktop\DJ-Mix-Radio.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\DoVisio simple visiochat.URL . (...)  -- C:\Users\jeremy\Desktop\DoVisio simple visiochat.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Download Skype 5.3.0.111 for Windows - OldVersion.com.URL . (...)  -- C:\Users\jeremy\Desktop\Download Skype 5.3.0.111 for Windows - OldVersion.com.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Dvdrip Uptobox - Telecharger Films Dvdrip sur Uptobox.URL . (...)  -- C:\Users\jeremy\Desktop\Dvdrip Uptobox - Telecharger Films Dvdrip sur Uptobox.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Elwina feat. The Phat Mack - Chocolate Love (Club Remix) - YouTube.URL . (...)  -- C:\Users\jeremy\Desktop\Elwina feat. The Phat Mack - Chocolate Love (Club Remix) - YouTube.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Espace Demandeurs d'emploi - site pole-emploi.fr.URL . (...)  -- C:\Users\jeremy\Desktop\Espace Demandeurs d'emploi - site pole-emploi.fr.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\F-Secure Health Check.url . (...)  -- C:\Users\jeremy\Desktop\F-Secure Health Check.url
O4 - Global Startup: C:\Users\jeremy\Desktop\Facebook.URL . (...)  -- C:\Users\jeremy\Desktop\Facebook.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Fiche de Cendriellax3.URL . (.Facebook Inc. - Setup.)  -- C:\Users\jeremy\Desktop\Fiche de Cendriellax3.URL
O4 - GS\Desktop: Format Factory.lnk . (.Free Time - FormatFactory.)  -- C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe 
O4 - Global Startup: C:\Users\jeremy\Desktop\Francisca Piera Garcia.URL . (.Free Time - FormatFactory.)  -- C:\Users\jeremy\Desktop\Francisca Piera Garcia.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Full Premium - Numéricable.URL . (.Free Time - FormatFactory.)  -- C:\Users\jeremy\Desktop\Full Premium - Numéricable.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Google Traduction.URL . (...)  -- C:\Users\jeremy\Desktop\Google Traduction.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Gratis Download fTalk v3 aplikasi khusus Chating Facebook..URL . (...)  -- C:\Users\jeremy\Desktop\Gratis Download fTalk v3 aplikasi khusus Chating Facebook..URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Greasespot.URL . (...)  -- C:\Users\jeremy\Desktop\Greasespot.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Harlem Shake sous l'eau.. Incroyable.URL . (...)  -- C:\Users\jeremy\Desktop\Harlem Shake sous l'eau.. Incroyable.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Histoire de sexe.. - Désir et plaisir - FORUM Ados-Love.URL . (...)  -- C:\Users\jeremy\Desktop\Histoire de sexe.. - Désir et plaisir - FORUM Ados-Love.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Inscrivez-vous gratuitement sur Oopad!.URL . (...)  -- C:\Users\jeremy\Desktop\Inscrivez-vous gratuitement sur Oopad!.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\italobrothers - Recherche Google.URL . (...)  -- C:\Users\jeremy\Desktop\italobrothers - Recherche Google.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\jeremy torronteras (jeremytorronter) sur Twitter.URL . (...)  -- C:\Users\jeremy\Desktop\jeremy torronteras (jeremytorronter) sur Twitter.URL
O4 - GS\Desktop: Jouer (GameXN).lnk . (.GameXN AS - Game Organizer.)  -- C:\ProgramData\GameXN\GameXNGO.exe 
O4 - Global Startup: C:\Users\jeremy\Desktop\Julie Toupet.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\Julie Toupet.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Justine Barghout (Variétés) - ZicMeUp.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\Justine Barghout (Variétés) - ZicMeUp.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Justine L'Samra Musique gratuite, dates de tournées, photos, vidéos.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\Justine L'Samra Musique gratuite, dates de tournées, photos, vidéos.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Knife-Party---Internet-Friends--Original-Mix - YouTube.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\Knife-Party---Internet-Friends--Original-Mix - YouTube.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\L'accès à la configuration de votre box (Numericable) Panoptinet.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\L'accès à la configuration de votre box (Numericable) Panoptinet.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\la vieille est vraiment OUF MDR aimez et partagez !.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\la vieille est vraiment OUF MDR aimez et partagez !.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Laura Gft.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\Laura Gft.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Le Miel et les Abeilles - Page 22.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\Le Miel et les Abeilles - Page 22.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Les Années fac en streaming - DpStream.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\Les Années fac en streaming - DpStream.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\LES PLAYLISTS - Playfun.fr.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\LES PLAYLISTS - Playfun.fr.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\liselotte23 - Profil - liselotte23 - Club Doctissimo.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\liselotte23 - Profil - liselotte23 - Club Doctissimo.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Listes des séries (2409) - Planet Series - Séries rapidshare, multiupload, séries streaming, télécharger gratuitement vos sé.URL . (.GameXN AS - Game Organizer.)  -- C:\Users\jeremy\Desktop\Listes des séries (2409) - Planet Series - Séries rapidshare, multiupload, séries streaming, télécharger gratuitement vos sé.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Lumidee - Never Leave You (Uh Oh) [OFFICIAL VIDEO] - YouTube.URL . (...)  -- C:\Users\jeremy\Desktop\Lumidee - Never Leave You (Uh Oh) [OFFICIAL VIDEO] - YouTube.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\lumidee-vs--fatman-scoop---dance-2013--original-mix - Recherche Google.URL . (...)  -- C:\Users\jeremy\Desktop\lumidee-vs--fatman-scoop---dance-2013--original-mix - Recherche Google.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Lupe Fuentes and THE EX GIRLFRIENDS- Whatchya Lookin At- - YouTube.url . (...)  -- C:\Users\jeremy\Desktop\Lupe Fuentes and THE EX GIRLFRIENDS- Whatchya Lookin At- - YouTube.url
O4 - Global Startup: C:\Users\jeremy\Desktop\Macklemore & Ryan Lewis - Can't Hold Us (Ft. Ray Dalton) - Vidéo Dailymotion.URL . (...)  -- C:\Users\jeremy\Desktop\Macklemore & Ryan Lewis - Can't Hold Us (Ft. Ray Dalton) - Vidéo Dailymotion.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\mange des tomates mon amour - Recherche Google.URL . (...)  -- C:\Users\jeremy\Desktop\mange des tomates mon amour - Recherche Google.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Manon Galera (Manon) sur Myspace.URL . (...)  -- C:\Users\jeremy\Desktop\Manon Galera (Manon) sur Myspace.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Manzai's Blog.URL . (...)  -- C:\Users\jeremy\Desktop\Manzai's Blog.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Meliss Jecpa.URL . (...)  -- C:\Users\jeremy\Desktop\Meliss Jecpa.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Messenger - Microsoft Windows.URL . (...)  -- C:\Users\jeremy\Desktop\Messenger - Microsoft Windows.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Met un ? si qlq....URL . (...)  -- C:\Users\jeremy\Desktop\Met un ? si qlq....URL
O4 - Global Startup: C:\Users\jeremy\Desktop\netsky---we-can-only-live-today--puppy---feat-billie---modek-remix - Recherche Google.URL . (...)  -- C:\Users\jeremy\Desktop\netsky---we-can-only-live-today--puppy---feat-billie---modek-remix - Recherche Google.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Obenez votre Xbox gratuit live maintenant!.URL . (...)  -- C:\Users\jeremy\Desktop\Obenez votre Xbox gratuit live maintenant!.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\OKAY MAIS MONTRE-MOI TES MAINS !.URL . (...)  -- C:\Users\jeremy\Desktop\OKAY MAIS MONTRE-MOI TES MAINS !.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\oppo finder - Recherche Google.URL . (...)  -- C:\Users\jeremy\Desktop\oppo finder - Recherche Google.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Patch Anti mise à jour pour WLM 2009 14.0.8089.726 (QFE2).URL . (...)  -- C:\Users\jeremy\Desktop\Patch Anti mise à jour pour WLM 2009 14.0.8089.726 (QFE2).URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Photos du journal.URL . (...)  -- C:\Users\jeremy\Desktop\Photos du journal.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\POWER MIX on POWER MIX.URL . (...)  -- C:\Users\jeremy\Desktop\POWER MIX on POWER MIX.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Premiere fellation en video.URL . (...)  -- C:\Users\jeremy\Desktop\Premiere fellation en video.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Problème Windows update.URL . (...)  -- C:\Users\jeremy\Desktop\Problème Windows update.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Profil - juliette535 - Club Doctissimo.URL . (...)  -- C:\Users\jeremy\Desktop\Profil - juliette535 - Club Doctissimo.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Profil - Lucie-83 - Club Doctissimo.URL . (...)  -- C:\Users\jeremy\Desktop\Profil - Lucie-83 - Club Doctissimo.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\QueDeLaZic.URL . (...)  -- C:\Users\jeremy\Desktop\QueDeLaZic.URL
O4 - GS\Desktop: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.)  -- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe 
O4 - Global Startup: C:\Users\jeremy\Desktop\Romane Noel.URL . (.VS Revo Group - Revo Uninstaller.)  -- C:\Users\jeremy\Desktop\Romane Noel.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Rémi Gaillard piège TF1 (En ce moment à la télé) - YouTube.URL . (.VS Revo Group - Revo Uninstaller.)  -- C:\Users\jeremy\Desktop\Rémi Gaillard piège TF1 (En ce moment à la télé) - YouTube.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Résultats des examens.URL . (.VS Revo Group - Revo Uninstaller.)  -- C:\Users\jeremy\Desktop\Résultats des examens.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Résultats Google Recherche d'images correspondant à httpwww.seeklogo.comimagesMMusicMonster_FM-logo-B7D623A2E3-seeklogo.com..URL . (.VS Revo Group - Revo Uninstaller.)  -- C:\Users\jeremy\Desktop\Résultats Google Recherche d'images correspondant à httpwww.seeklogo.comimagesMMusicMonster_FM-logo-B7D623A2E3-seeklogo.com..URL
O4 - Global Startup: C:\Users\jeremy\Desktop\SANDRATRYRADIO (99_illana) sur Twitter.URL . (.VS Revo Group - Revo Uninstaller.)  -- C:\Users\jeremy\Desktop\SANDRATRYRADIO (99_illana) sur Twitter.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Scooter - 4 AM (Official Video) - YouTube.URL . (...)  -- C:\Users\jeremy\Desktop\Scooter - 4 AM (Official Video) - YouTube.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\showtek---justin-prime---cannonball-official-hd - Recherche Google.URL . (...)  -- C:\Users\jeremy\Desktop\showtek---justin-prime---cannonball-official-hd - Recherche Google.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Spotify Web Player.URL . (...)  -- C:\Users\jeremy\Desktop\Spotify Web Player.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Stream Live Video on Twitter from twitcam- powered by Livestream.URL . (...)  -- C:\Users\jeremy\Desktop\Stream Live Video on Twitter from twitcam- powered by Livestream.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\TF1 répond à Rémi Gaillard après avoir été piégé par l'humoriste.URL . (...)  -- C:\Users\jeremy\Desktop\TF1 répond à Rémi Gaillard après avoir été piégé par l'humoriste.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\The Cum Omelet By DeviantClip.URL . (...)  -- C:\Users\jeremy\Desktop\The Cum Omelet By DeviantClip.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\THE MEMORIAL DAFT PUNK MEGAMIX by ADRIEN TOMA by Adrien Toma on SoundCloud - Hear the world’s sounds.URL . (...)  -- C:\Users\jeremy\Desktop\THE MEMORIAL DAFT PUNK MEGAMIX by ADRIEN TOMA by Adrien Toma on SoundCloud - Hear the world’s sounds.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Trend Micro Titanium Antivirus+ 2013 - Les tests - InfoMars.fr.URL . (...)  -- C:\Users\jeremy\Desktop\Trend Micro Titanium Antivirus+ 2013 - Les tests - InfoMars.fr.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\TRY RADIO - YouTube.URL . (...)  -- C:\Users\jeremy\Desktop\TRY RADIO - YouTube.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Try Radio -.URL . (...)  -- C:\Users\jeremy\Desktop\Try Radio -.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\TRYRADIO NIMES - A suivre Inconnu - Inconnu.URL . (...)  -- C:\Users\jeremy\Desktop\TRYRADIO NIMES - A suivre Inconnu - Inconnu.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\TRYRADIO NIMES - This stream is not broadcasting.URL . (...)  -- C:\Users\jeremy\Desktop\TRYRADIO NIMES - This stream is not broadcasting.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\tryradio nimes on USTREAM tryradio le son dancefloor. Radio.URL . (...)  -- C:\Users\jeremy\Desktop\tryradio nimes on USTREAM tryradio le son dancefloor. Radio.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\TV Underground.URL . (...)  -- C:\Users\jeremy\Desktop\TV Underground.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Twitter Recherche - #TRYRADIO.URL . (...)  -- C:\Users\jeremy\Desktop\Twitter Recherche - #TRYRADIO.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Twitter Recherche - tryradio.URL . (...)  -- C:\Users\jeremy\Desktop\Twitter Recherche - tryradio.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Télécharger Les Profs - Films en DVDRip.URL . (...)  -- C:\Users\jeremy\Desktop\Télécharger Les Profs - Films en DVDRip.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Télécharger Mise à jour de sécurité pour Microsoft .NET Framework 4 depuis le Centre de téléchargement officiel Microsoft.URL . (...)  -- C:\Users\jeremy\Desktop\Télécharger Mise à jour de sécurité pour Microsoft .NET Framework 4 depuis le Centre de téléchargement officiel Microsoft.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Une mise à jour des positions sexuelles.URL . (...)  -- C:\Users\jeremy\Desktop\Une mise à jour des positions sexuelles.URL
O4 - GS\Desktop: Update Checker.lnk . (.FileHippo.com - FileHippo.com Update Checker.)  -- C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe 
O4 - Global Startup: C:\Users\jeremy\Desktop\Voyage en Corse 'Récit Hétéro - Récits érotiques - FORUM sexualité.URL . (.FileHippo.com - FileHippo.com Update Checker.)  -- C:\Users\jeremy\Desktop\Voyage en Corse 'Récit Hétéro - Récits érotiques - FORUM sexualité.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Watch Dj jayjay Mix electro 2011 torronteras Episodes Videos Blip.URL . (.FileHippo.com - FileHippo.com Update Checker.)  -- C:\Users\jeremy\Desktop\Watch Dj jayjay Mix electro 2011 torronteras Episodes Videos Blip.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Webcam de Fafagagapink - Cam gratuite et sexe Cam.URL . (.FileHippo.com - FileHippo.com Update Checker.)  -- C:\Users\jeremy\Desktop\Webcam de Fafagagapink - Cam gratuite et sexe Cam.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Wildlife Conservation Society Win an iPad.URL . (...)  -- C:\Users\jeremy\Desktop\Wildlife Conservation Society Win an iPad.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Windows Live Messenger 9 BETA Finale.URL . (...)  -- C:\Users\jeremy\Desktop\Windows Live Messenger 9 BETA Finale.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\xnxx.com - Recherche Google.URL . (.Microsoft Corporation - Windows Media Component Setup Application.)  -- C:\Users\jeremy\Desktop\xnxx.com - Recherche Google.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Y a-t-il une fille qui aime le sperme - Les ados parlent sexo - FORUM sexualité.URL . (.Microsoft Corporation - Windows Media Component Setup Application.)  -- C:\Users\jeremy\Desktop\Y a-t-il une fille qui aime le sperme - Les ados parlent sexo - FORUM sexualité.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\Zippyshare.com - Armand Pena feat. Monique - Party Life (Pena Brothers Remix) [OnlyTheBestEDM.com].mp3.URL . (.Nicolas Coolman - ZHPDiag.)  -- C:\Users\jeremy\Desktop\Zippyshare.com - Armand Pena feat. Monique - Party Life (Pena Brothers Remix) [OnlyTheBestEDM.com].mp3.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\[Tutoriel] Configurer Free Mobile sur votre Nokia en 1 minute ! (Symbian, MeeGo, Windows Phone, Maemo) NokiaPhones.fr.URL . (.Nicolas Coolman - ZHPDiag.)  -- C:\Users\jeremy\Desktop\[Tutoriel] Configurer Free Mobile sur votre Nokia en 1 minute ! (Symbian, MeeGo, Windows Phone, Maemo) NokiaPhones.fr.URL
O4 - Global Startup: C:\Users\jeremy\Desktop\? vF Secrets In The Walls.2011 ( film entier en français ) ? - YouTube.URL . (...)  -- C:\Users\jeremy\Desktop\? vF Secrets In The Walls.2011 ( film entier en français ) ? - YouTube.URL
O4 - GS\TaskBar: HPAdvisor.lnk . (.Hewlett-Packard - HP Advisor.)  -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe 
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.)  -- C:\Windows\explorer.exe 
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.)  -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe 
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.)  -- C:\Windows\system32\eudcedit.exe 
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft  Windows Fax and Scan.)  -- C:\Windows\system32\WFS.exe 
O4 - Global Startup: C:\Users\Autorisation\Desktop\Blacklight Retribution - FPS Free to Play.URL . (...)  -- C:\Users\Autorisation\Desktop\Blacklight Retribution - FPS Free to Play.URL
O4 - GS\Desktop: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.)  -- C:\Program Files (x86)\Glary Utilities\Integrator.exe 
O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
O4 - GS\Desktop: HiJackThis.lnk . (.Trend Micro Inc. - HijackThis.)  -- C:\Users\Autorisation\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 
O4 - Global Startup: C:\Users\Autorisation\Desktop\JEU SUPER MARIO BROS DELUXE Gratuit sur JEU .info.URL . (...)  -- C:\Users\Autorisation\Desktop\JEU SUPER MARIO BROS DELUXE Gratuit sur JEU .info.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\LaBox Numericable comment bien choisir son canal Wi-Fi Panoptinet.URL . (...)  -- C:\Users\Autorisation\Desktop\LaBox Numericable comment bien choisir son canal Wi-Fi Panoptinet.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\Magic Desktop - Laissez votre ordinateur jouer les nounous !.URL . (...)  -- C:\Users\Autorisation\Desktop\Magic Desktop - Laissez votre ordinateur jouer les nounous !.URL
O4 - GS\Desktop: Magic Desktop.lnk . (.EasyBits Software AS - EasyBits Security Shield.)  -- C:\Program Files (x86)\EasyBits For Kids\ezSecShield.exe 
O4 - Global Startup: C:\Users\Autorisation\Desktop\Media center et partage de contenus du serveur multimédia - LaBox.URL . (.EasyBits Software AS - EasyBits Magic Desktop Setup.)  -- C:\Users\Autorisation\Desktop\Media center et partage de contenus du serveur multimédia - LaBox.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\Nokia Lumia 610 Téléchargements - Nokia - France.URL . (.EasyBits Software AS - EasyBits Magic Desktop Setup.)  -- C:\Users\Autorisation\Desktop\Nokia Lumia 610 Téléchargements - Nokia - France.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\Nostalgie Tv - Chaine télé de divertissement.URL . (...)  -- C:\Users\Autorisation\Desktop\Nostalgie Tv - Chaine télé de divertissement.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\Page de démarrage de Mozilla Firefox.URL . (...)  -- C:\Users\Autorisation\Desktop\Page de démarrage de Mozilla Firefox.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\Paramétrage.URL . (...)  -- C:\Users\Autorisation\Desktop\Paramétrage.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\PARE FEU WINDOWS DESACTIVE A CHAQUE DEMARRAGE - Forums Zebulon.fr.URL . (...)  -- C:\Users\Autorisation\Desktop\PARE FEU WINDOWS DESACTIVE A CHAQUE DEMARRAGE - Forums Zebulon.fr.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\Photos chat Gouttière, photos de chats de race Gouttière - Wamiz.URL . (...)  -- C:\Users\Autorisation\Desktop\Photos chat Gouttière, photos de chats de race Gouttière - Wamiz.URL
O4 - GS\Desktop: PhotoScape.lnk . (...)  -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - Global Startup: C:\Users\Autorisation\Desktop\Races de chats classées par noms - Wamiz.URL . (...)  -- C:\Users\Autorisation\Desktop\Races de chats classées par noms - Wamiz.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\restaurant le forum - MENU.url . (...)  -- C:\Users\Autorisation\Desktop\restaurant le forum - MENU.url
O4 - Global Startup: C:\Users\Autorisation\Desktop\theHunter.URL . (...)  -- C:\Users\Autorisation\Desktop\theHunter.URL
O4 - GS\Desktop: Trend Micro Titanium.lnk . (...)  -- C:\Program Files (x86)\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (.not file.)
O4 - Global Startup: C:\Users\Autorisation\Desktop\Une mise à jour mineure pour FireFox la version 19.0.2 - Presse Electronique - lelectronique.com - Lu dans la Presse.URL . (...)  -- C:\Users\Autorisation\Desktop\Une mise à jour mineure pour FireFox la version 19.0.2 - Presse Electronique - lelectronique.com - Lu dans la Presse.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\Une mise à jour mineure pour FireFox la version 19.0.2 Bhmag.URL . (...)  -- C:\Users\Autorisation\Desktop\Une mise à jour mineure pour FireFox la version 19.0.2 Bhmag.URL
O4 - GS\Desktop: Virtual DJ Home.lnk . (.Atomix Productions - VirtualDJ.)  -- C:\Program Files (x86)\VirtualDJ\virtualdj_home.exe 
O4 - Global Startup: C:\Users\Autorisation\Desktop\Virus 100 euro d'amende solution - YouTube.URL . (.Atomix Productions - VirtualDJ.)  -- C:\Users\Autorisation\Desktop\Virus 100 euro d'amende solution - YouTube.URL
O4 - Global Startup: C:\Users\Autorisation\Desktop\Widestream 6.URL . (.Atomix Productions - VirtualDJ.)  -- C:\Users\Autorisation\Desktop\Widestream 6.URL
~ Global Startup:  Scanned in 00mn 13s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MIF5BA~1\Office14\ONBttnIE.dll
O9 - Extra button: &KeyScrambler Options [64Bits] - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} -- Clé orpheline
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MIF5BA~1\Office14\ONBTTN~1.dll
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A76E9CDF-7D92-49D0-A740-4487B3F4A1C4}: NameServer = 212.73.209.226,86.64.145.143
O17 - HKLM\System\CCS\Services\Tcpip\..\{A76E9CDF-7D92-49D0-A740-4487B3F4A1C4}: DhcpNameServer = 8.26.56.26 8.20.247.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{A76E9CDF-7D92-49D0-A740-4487B3F4A1C4}: NameServer = 212.73.209.226,86.64.145.143
O17 - HKLM\System\CS1\Services\Tcpip\..\{A76E9CDF-7D92-49D0-A740-4487B3F4A1C4}: DhcpNameServer = 8.26.56.26 8.20.247.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{A76E9CDF-7D92-49D0-A740-4487B3F4A1C4}: NameServer = 212.73.209.226,86.64.145.143
O17 - HKLM\System\CS2\Services\Tcpip\..\{A76E9CDF-7D92-49D0-A740-4487B3F4A1C4}: DhcpNameServer = 8.26.56.26 8.20.247.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.26.56.26 8.20.247.20
~ Domain:  Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) -- 
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: WB . (...) -- C:\Program Files (x86)\Stardock\OBJECT~1\WINDOW~1\fast64.dll (.not file.)
~ Winlogon:  Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Threatdiction Web Filtring (Threatdiction Web Filtring) . (...) - C:\Program Files (x86)\Threatdiction\Threatdiction.exe (.not file.)
~ Services: 8 Legitimates Filtered in 00mn 05s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{28D8D3F5-D02B-445C-9764-AA9472DC4B3F}] (...) -- C:\Users\jeremy\Desktop\ChevronWP7.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{2FB51F65-3ECD-49CA-B23B-EE11139AC482}] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{38B9E8C5-3006-490F-BE27-A4CB3CC261BC}] (...) -- C:\Users\jeremy\Desktop\sunbelt-personal-firewall-ex-kerio_sunbelt_personal_firewall_ex_kerio_4.6.1861_francais_11071.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{6C93A53A-19BA-41B0-AB7D-743057B4AE73}] (...) -- C:\Users\jeremy\Desktop\sp54620.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{CE1310FC-C367-430B-A4A0-57B09D40FCC5}] (...) -- C:\Users\jeremy\Desktop\sp52110.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{D50811A6-405D-4AB2-9FED-DFE5A270AA26}] (...) -- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par d‚faut\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\Setup.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{E747CB64-18F0-46A0-ABD8-C1FF08AE0AFA}] (...) -- C:\Users\jeremy\Desktop\sp45602.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{F65C9DC4-925B-42E3-B4A6-60703AA0713E}] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (.not file.)   [0]
~ Scheduled Task: 36 Legitimates Filtered in 00mn 06s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: ctredr15.sys (ctredr15.sys) . (. - .) - C:\Windows\system32\drivers\ctredr15.sys (.not file.)
~ Drivers: 75 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {497BCFDD-F589-448D-A1C3-78D1B1809CCC}  =>Adware.Boxore
O42 - Logiciel: BrowseToSave - (...) [HKLM][64Bits] -- {161EE7C5-2C54-4BE7-A90C-6476CDFDC533}
O42 - Logiciel: CityVilleBot - (.CityVilleBot.) [HKLM][64Bits] -- {AC7EDC76-DE45-4BC3-BC4F-3273F0836464}_is1
O42 - Logiciel: CocoLogo 3D Screensaver - (...) [HKLM][64Bits] -- CocoLogo3D_is1
O42 - Logiciel: Desinstalar COMECOCOS LOCO - (...) [HKLM][64Bits] -- Desinstalar COMECOCOS LOCO
O42 - Logiciel: FixMessenger - (...) [HKLM][64Bits] -- FixMessenger
O42 - Logiciel: Free Music Zilla - (.FreeMusicZilla.com.) [HKLM][64Bits] -- Free Music Zilla_is1
O42 - Logiciel: Galerie photo xhtml - (.JMBerthier.) [HKLM][64Bits] -- {476E7DF6-3C37-4B93-A14B-2C5FBD11EF7D}
O42 - Logiciel: General Module - (.PixArt Imaging Inc..) [HKLM][64Bits] -- {F80DDFFD-D030-4CCC-AF03-BD8EEE5E20ED}
O42 - Logiciel: GoforFiles - (.http://www.goforfiles.com/.) [HKCU][64Bits] -- GoforFiles
O42 - Logiciel: IE AdBlock - (.CatenaLogic.) [HKLM][64Bits] -- IE AdBlock_is1
O42 - Logiciel: LG USB Modem driver - (...) [HKLM][64Bits] -- {C3ABE126-2BB2-4246-BFE1-6797679B3579}
O42 - Logiciel: NudgeMania 4.1 for Messenger - (.Sherv.NET.) [HKLM][64Bits] -- NudgeMania 4.1 for Messenger
O42 - Logiciel: Orb - (.Orb Networks.) [HKLM][64Bits] -- Orb
O42 - Logiciel: Orb Mini Controller - (.Orb Networks.) [HKLM][64Bits] -- Orb Mini Controller
O42 - Logiciel: Orb Runtime libraries - (.Orb Networks, Inc..) [HKLM][64Bits] -- {2133CB3F-F891-4081-8681-FEE2B2419FF4}
O42 - Logiciel: OtsTurntables Free 1.00.027 - (...) [HKLM][64Bits] -- OtsTurntables Free
O42 - Logiciel: PAP7501 - (.Nom de votre société.) [HKLM][64Bits] -- {C6A0FD8A-F107-44CA-AA1B-49341936F76A}
O42 - Logiciel: Tactile12000 2.1 - (...) [HKLM][64Bits] -- Tactile12000 2.1
O42 - Logiciel: fTalk - (.Bandoo Media Inc.) [HKCU][64Bits] -- fTalk  =>Adware.Bandoo
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKLM][64Bits] -- uTorrent
~ Logic: 315 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ahusoft]
[HKCU\Software\AppDataLow\Software\vmnantiphishing_ad]
[HKCU\Software\Audiggle LTD]
[HKCU\Software\BitTorrent]
[HKCU\Software\BlaCk.HaCk]
[HKCU\Software\DefRow]
[HKCU\Software\Dolwin Emulator]
[HKCU\Software\Download Service Utility]
[HKCU\Software\EyePower Games]
[HKCU\Software\FLXP]
[HKCU\Software\GeneralDownloader]
[HKCU\Software\KoroSoft]
[HKCU\Software\Matt Holwood]
[HKCU\Software\Mudlord]
[HKCU\Software\N3WT0N]
[HKCU\Software\NSWB]
[HKCU\Software\NSeries]
[HKCU\Software\NudgeMania]
[HKCU\Software\Pogo]
[HKCU\Software\Positech]
[HKCU\Software\RICEVIDEO]
[HKCU\Software\Sesam.tv]
[HKCU\Software\Sherv.NET]
[HKCU\Software\Streamripper]
[HKCU\Software\SurfRight]
[HKCU\Software\Switlle]
[HKCU\Software\ViC.MeDox]
[HKCU\Software\ViewOnTV]
[HKCU\Software\amly-dz@hotmail.com]
[HKCU\Software\mhk2]
[HKLM\Software\CrazyLoader]
[HKLM\Software\SurfRight]
[HKLM\Software\Wow6432Node\Agnitum]
[HKLM\Software\Wow6432Node\Free Music Zilla]
[HKLM\Software\Wow6432Node\GameEx]
[HKLM\Software\Wow6432Node\GoforFiles]
[HKLM\Software\Wow6432Node\Matt Holwood]
[HKLM\Software\Wow6432Node\MeuhMeuhTV]
[HKLM\Software\Wow6432Node\Ots Corporation]
[HKLM\Software\Wow6432Node\PCTools]
[HKLM\Software\Wow6432Node\Sesam.tv]
[HKLM\Software\Wow6432Node\atomixmp3]
~ Key Software: 521 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/11/2010 - 02:07:03 - [0,005] ----D C:\Program Files (x86)\Abrosoft
O43 - CFD: 08/01/2012 - 14:59:14 - [0,080] ----D C:\Program Files (x86)\AF Uninstalls
O43 - CFD: 25/03/2013 - 01:30:21 - [0,152] ----D C:\Program Files (x86)\ANC
O43 - CFD: 31/03/2011 - 19:49:10 - [0,065] ----D C:\Program Files (x86)\BeRubyIcon
O43 - CFD: 30/09/2011 - 01:57:52 - [97,561] ----D C:\Program Files (x86)\CityVilleBot
O43 - CFD: 05/03/2011 - 17:30:56 - [0,000] ----D C:\Program Files (x86)\DMV
O43 - CFD: 31/03/2011 - 20:07:59 - [0,023] ----D C:\Program Files (x86)\Dusco
O43 - CFD: 17/02/2011 - 16:47:28 - [0,096] ----D C:\Program Files (x86)\FixMessenger
O43 - CFD: 05/08/2012 - 20:09:57 - [2,537] ----D C:\Program Files (x86)\Free Easy CD DVD Burner
O43 - CFD: 09/10/2010 - 14:42:45 - [2,935] ----D C:\Program Files (x86)\Free Music Zilla
O43 - CFD: 27/10/2012 - 21:04:07 - [8,088] ----D C:\Program Files (x86)\GoforFiles
O43 - CFD: 29/05/2011 - 01:19:17 - [3,391] ----D C:\Program Files (x86)\IE AdBlock
O43 - CFD: 30/10/2010 - 16:08:38 - [0,664] ----D C:\Program Files (x86)\JMBerthier
O43 - CFD: 30/12/2012 - 03:11:06 - [5,761] ----D C:\Program Files (x86)\MarkSpace
O43 - CFD: 11/10/2011 - 03:52:15 - [0,064] ----D C:\Program Files (x86)\MaxTV
O43 - CFD: 25/03/2013 - 01:34:16 - [325,873] ----D C:\Program Files (x86)\Metin2
O43 - CFD: 21/09/2010 - 02:07:50 - [0,000] ----D C:\Program Files (x86)\MobeeSoft
O43 - CFD: 30/05/2012 - 18:21:24 - [8,401] ----D C:\Program Files (x86)\MSNRecorderMax
O43 - CFD: 15/07/2012 - 13:00:38 - [1,897] ----D C:\Program Files (x86)\Odebit Multimédia
O43 - CFD: 19/11/2012 - 21:32:59 - [105,404] ----D C:\Program Files (x86)\OperationMania
O43 - CFD: 06/09/2010 - 02:11:02 - [2,685] ----D C:\Program Files (x86)\Pacman
O43 - CFD: 27/08/2012 - 18:14:52 - [64,866] ----D C:\Program Files (x86)\SmashFrenzy4
O43 - CFD: 14/08/2010 - 17:01:42 - [0,000] ----D C:\Program Files (x86)\SniffPass
O43 - CFD: 28/11/2012 - 21:13:04 - [0] ----D C:\Program Files (x86)\STOPzilla!
O43 - CFD: 27/03/2011 - 19:56:12 - [0] ----D C:\Program Files (x86)\Switlle
O43 - CFD: 29/11/2012 - 22:06:09 - [3,499] ----D C:\Program Files (x86)\Tactile Pictures
O43 - CFD: 01/02/2013 - 15:28:57 - [0,924] ----D C:\Program Files (x86)\uTorrent
O43 - CFD: 24/11/2012 - 20:38:27 - [11,057] ----D C:\Program Files (x86)\Webgameplay setup
O43 - CFD: 28/08/2012 - 15:12:33 - [169,864] ----D C:\Program Files (x86)\YoudaFarmer3Seasons
O43 - CFD: 14/02/2013 - 22:10:31 - [1021,162] ----D C:\Program Files (x86)\ZooEmpire
O43 - CFD: 25/03/2013 - 01:30:32 - [15,101] ----D C:\Program Files (x86)\Common Files\PAC7302
O43 - CFD: 02/11/2011 - 22:24:32 - [17,572] ----D C:\Program Files (x86)\Common Files\PAP7501
O43 - CFD: 03/04/2013 - 21:19:47 - [0,191] ----D C:\ProgramData\BerOwsae22savaee
O43 - CFD: 19/11/2012 - 21:34:47 - [0] ----D C:\ProgramData\Dr Maboul - Une opération de malade  !
O43 - CFD: 30/05/2012 - 18:21:26 - [0,000] ----D C:\ProgramData\MSNRecorderMax
O43 - CFD: 28/08/2012 - 16:32:07 - [0,002] ----D C:\ProgramData\Phenomedia
O43 - CFD: 03/04/2012 - 21:08:49 - [0,003] ----D C:\ProgramData\SurfRight
O43 - CFD: 27/02/2011 - 03:18:44 - [2,952] ----D C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}
O43 - CFD: 23/12/2012 - 18:08:41 - [0,218] ----D C:\Users\jeremy\AppData\Roaming\atunes
O43 - CFD: 08/10/2010 - 14:51:12 - [0,001] ----D C:\Users\jeremy\AppData\Roaming\FMZilla
O43 - CFD: 11/11/2012 - 22:51:06 - [0,087] ----D C:\Users\jeremy\AppData\Roaming\General Downloader
O43 - CFD: 26/10/2012 - 20:25:35 - [0,005] ----D C:\Users\jeremy\AppData\Roaming\GoforFiles
O43 - CFD: 30/12/2012 - 03:07:22 - [0,003] ----D C:\Users\jeremy\AppData\Roaming\MarkSpace
O43 - CFD: 27/08/2012 - 18:26:41 - [0,002] ----D C:\Users\jeremy\AppData\Roaming\MB4
O43 - CFD: 19/11/2012 - 21:32:39 - [0,034] ----D C:\Users\jeremy\AppData\Roaming\mr-java-installer
O43 - CFD: 30/05/2012 - 18:21:26 - [0,000] ----D C:\Users\jeremy\AppData\Roaming\MSNRecorderMax
O43 - CFD: 23/01/2012 - 03:00:08 - [0,253] ----D C:\Users\jeremy\AppData\Roaming\nswb
O43 - CFD: 21/01/2013 - 23:47:25 - [0,000] ----D C:\Users\jeremy\AppData\Roaming\PCToolsFirewallPlus
O43 - CFD: 17/12/2012 - 19:32:52 - [0,005] ----D C:\Users\jeremy\AppData\Roaming\SmartPCTools
O43 - CFD: 27/08/2012 - 18:15:17 - [0] ----D C:\Users\jeremy\AppData\Roaming\SmashFrenzy4
O43 - CFD: 13/09/2010 - 04:10:32 - [0,000] ----D C:\Users\jeremy\AppData\Roaming\updatetool
O43 - CFD: 19/11/2012 - 21:32:54 - [0,001] ----D C:\Users\jeremy\AppData\Roaming\Ustream Producer
O43 - CFD: 30/01/2013 - 05:55:55 - [1,560] ----D C:\Users\jeremy\AppData\Roaming\uTorrent
O43 - CFD: 05/06/2011 - 21:48:12 - [0,025] ----D C:\Users\jeremy\AppData\Local\Ares
O43 - CFD: 21/12/2011 - 17:05:31 - [0,000] ----D C:\Users\jeremy\AppData\Local\Audiggle_LTD
O43 - CFD: 19/11/2012 - 21:32:50 - [0,002] ----D C:\Users\jeremy\AppData\Local\ChatFlowBasic
O43 - CFD: 03/06/2011 - 16:07:45 - [0] ----D C:\Users\jeremy\AppData\Local\eMule
O43 - CFD: 04/02/2013 - 02:40:52 - [0,000] ----D C:\Users\jeremy\AppData\Local\FarmvilleMagicTools
O43 - CFD: 16/04/2013 - 03:13:48 - [14,219] ----D C:\Users\jeremy\AppData\Local\fTalk
O43 - CFD: 23/10/2010 - 04:19:00 - [0] ----D C:\Users\jeremy\AppData\Local\MediaSmart DVD
O43 - CFD: 23/01/2012 - 03:00:13 - [0,111] ----D C:\Users\jeremy\AppData\Local\NudgeMania
O43 - CFD: 05/03/2011 - 16:34:29 - [0,009] ----D C:\Users\jeremy\AppData\Local\Super Internet TV
O43 - CFD: 30/03/2013 - 15:00:45 - [0,001] ----D C:\Users\jeremy\AppData\Local\Symbian-Toys.com
O43 - CFD: 16/04/2013 - 03:07:24 - [0,002] ----D C:\Users\jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\fTalk
~ 169 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 702 Legitimates Filtered in 01mn 58s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.B7D06E31669B76A56709F834CA3F399E] - 19/04/2013 - 23:01:19 ---A- . (...) -- C:\version.dll_log.txt   [129498]
~ Files: 60 Legitimates Filtered in 00mn 19s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.9373904229BBEFC06FC0797FFC0BE12E] - 20/04/2013 - 01:09:26 ---A- - C:\Windows\Prefetch\FTALK.EXE-3DA6F7B3.pf
O45 - LFCP:[MD5.B7104EAB7E0AEE4C6D97AF77F25069DE] - 20/04/2013 - 15:32:16 ---A- - C:\Windows\Prefetch\ZUNEHOST.EXE-6CF736E8.pf
O45 - LFCP:[MD5.AB1FDFF4BFC4C91065AB684835388A61] - 20/04/2013 - 15:32:45 ---A- - C:\Windows\Prefetch\ZUNE.EXE-E2F7EFBA.pf
O45 - LFCP:[MD5.FF6315E240F8653A82E14C2F49B0A295] - 21/04/2013 - 21:04:01 ---A- - C:\Windows\Prefetch\SOUNDRECORDER.EXE-9865DC1B.pf
O45 - LFCP:[MD5.3F526C505B4DD9984151CB35D99FF97E] - 22/04/2013 - 01:19:52 ---A- - C:\Windows\Prefetch\SKYPEPM.EXE-F9E72290.pf
O45 - LFCP:[MD5.9802E627013CA8D6E8DA4F74EB7F94E0] - 22/04/2013 - 01:20:10 ---A- - C:\Windows\Prefetch\DEVICEFINGERPRINT.EXE-22F88599.pf
O45 - LFCP:[MD5.37D503B12DC20675B1479440D30760D8] - 22/04/2013 - 03:03:25 ---A- - C:\Windows\Prefetch\TMEXTINS.EXE-ADCDFBF9.pf
O45 - LFCP:[MD5.EF2D19E0BF9ED422ED6455F3670D835C] - 22/04/2013 - 03:03:28 ---A- - C:\Windows\Prefetch\TMEXTINS32.EXE-B3E6F58A.pf
O45 - LFCP:[MD5.70D5F430BC2F8379B87B5D409CC5AAAA] - 22/04/2013 - 03:03:29 ---A- - C:\Windows\Prefetch\TMEXTINS32.EXE-EF3ED1AA.pf
O45 - LFCP:[MD5.19B770EAC90D743512C9185477DE65E6] - 22/04/2013 - 03:14:24 ---A- - C:\Windows\Prefetch\UNDELETE.EXE-B76BE14E.pf
O45 - LFCP:[MD5.7C8774EA12AF8F383013A966772483E0] - 22/04/2013 - 03:45:42 ---A- - C:\Windows\Prefetch\SDFILES.EXE-2273325F.pf
O45 - LFCP:[MD5.80E0AD92E95E0620E6A430BD90852C4E] - 22/04/2013 - 11:54:35 ---A- - C:\Windows\Prefetch\UIUPDATETRAY.EXE-7B204E08.pf
O45 - LFCP:[MD5.136CA572E89153DBBD7B2F8169DA85EF] - 22/04/2013 - 12:27:41 ---A- - C:\Windows\Prefetch\HPGS2WNF.EXE-18381B86.pf
O45 - LFCP:[MD5.FD712877E2B45048463D11663AE661BD] - 22/04/2013 - 12:43:22 ---A- - C:\Windows\Prefetch\MACONFIGSETUPTEMP.EXE-3607B974.pf
O45 - LFCP:[MD5.654D5E4D0195A138136D7E138F4E429C] - 22/04/2013 - 13:39:29 ---A- - C:\Windows\Prefetch\GAMEXNGO.EXE-5FD8496F.pf
O45 - LFCP:[MD5.9E71869F6D7150AF3C5425C026A415B3] - 22/04/2013 - 13:49:42 ---A- - C:\Windows\Prefetch\HPGS2WNF.EXE-8B511EDE.pf
~ Prefetcher: 148 Legitimates Filtered in 00mn 03s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - EasyBits Security Shield Hook - prevents launching insecure programs by kids [64Bits] - {E54729E8-643D-4270-9D49-7389EA579090} - Clé orpheline
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Free Music Zilla\FMZilla.exe" [Enabled] .(..) -- C:\Program Files (x86)\Free Music Zilla\FMZilla.exe
~ Keys Export: 1 Legitimates Filtered in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (.Pas de propriétaire - HitmanPro 3.7 Support Driver.) -- C:\Windows\System32\Drivers\hitmanpro37.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (.Pas de propriétaire - HitmanPro 3.7 Support Driver.) -- C:\Windows\System32\Drivers\hitmanpro37.sys
~ CSB: 15 Legitimates Filtered in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\DriverMax  [Key] . (...) -- C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\fTalk  [Key] . (.Bandoo Media Inc. - fTalk.) -- C:\Users\jeremy\AppData\Local\fTalk\ftalk.exe  =>Adware.Bandoo
O53 - SMSR:HKLM\...\startupreg\GameXN GO  [Key] . (.GameXN AS - Game Organizer.) -- C:\ProgramData\GameXN\GameXNGO.exe
O53 - SMSR:HKLM\...\startupreg\PC-Doctor for Windows localizer  [Key] . (.PC-Doctor, Inc. - Hardware Diagnostic Tools Localizer.) -- C:\Program Files\PC-Doctor for Windows\localizer.exe
~ SMSR Keys: 21 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys   [491088]
O58 - SDL:[MD5.4C44D82E372A87B3CB439A7F14CFEF03] - 09/07/2010 - 14:08:14 ---A- . (.BitDefender - BitDefender AntiVirus FS filter driver.) -- C:\Windows\SysWOW64\drivers\bdfsfltr.sys   [327368]
~ Drivers:  Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 19/04/2013 - 03:08:32 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\bookmarkbackups\bookmarks-2013-04-19.json   [8158]
O61 - LFC: 19/04/2013 - 13:50:30 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi   [282569]
O61 - LFC: 19/04/2013 - 13:50:30 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi   [532430]
O61 - LFC: 19/04/2013 - 15:46:02 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\minidumps\fc34f798-cf96-42dc-9895-ebadfb17f865.dmp   [0]
O61 - LFC: 19/04/2013 - 17:10:11 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\minidumps\444b4c0c-2d1f-40ed-af1c-f395761d7477.dmp   [0]
O61 - LFC: 19/04/2013 - 19:59:56 ---A- C:\Users\jeremy\Documents\Mario - Requiem pour un fou ( remonté) .mp3   [6286942]
O61 - LFC: 19/04/2013 - 20:03:26 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\minidumps\b2ba77ef-c35d-4ad2-a57f-899f906fcce4.dmp   [0]
O61 - LFC: 20/04/2013 - 00:23:25 ---A- C:\Users\jeremy\AppData\Roaming\Microsoft\IdentityCRL\Production\MetaConfig.xml   [163]
O61 - LFC: 20/04/2013 - 00:47:21 ---A- C:\Users\jeremy\AppData\Roaming\MessengerDiscovery 2\mdupdate.xml   [151]
O61 - LFC: 20/04/2013 - 01:09:56 ---A- C:\Users\jeremy\AppData\Local\fTalk\fTalk\config.xml   [4605]
O61 - LFC: 20/04/2013 - 02:25:15 ---A- C:\Users\jeremy\AppData\Roaming\MessengerDiscovery 2\3904363200\Settings.xml   [260304]
O61 - LFC: 20/04/2013 - 02:25:16 ---A- C:\Users\jeremy\Documents\Messenger Plus\Mes Historiques de Conversation\Historique des Évènements.xml   [1119196]
O61 - LFC: 20/04/2013 - 02:27:27 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\bookmarkbackups\bookmarks-2013-04-20.json   [8158]
O61 - LFC: 20/04/2013 - 15:32:44 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\minidumps\d817bc6c-75ad-4ca8-8ad7-71860d31a09a.dmp   [0]
O61 - LFC: 21/04/2013 - 02:12:00 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\HTuGwd5KH1XOASfKxDytQQ==.ico   [353]
O61 - LFC: 21/04/2013 - 03:15:14 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\bookmarkbackups\bookmarks-2013-04-21.json   [8158]
O61 - LFC: 21/04/2013 - 03:15:16 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\minidumps\469fca46-03e8-4835-9951-3eb4e7e04154.dmp   [0]
O61 - LFC: 21/04/2013 - 12:23:54 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\minidumps\1184bf2e-15db-45bc-b5ed-2eddfb484d43.dmp   [0]
O61 - LFC: 22/04/2013 - 00:02:01 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\bookmarkbackups\bookmarks-2013-04-22.json   [8158]
O61 - LFC: 22/04/2013 - 00:15:29 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\minidumps\540ca120-0fa1-435e-b0b4-10775d46d52c.dmp   [0]
O61 - LFC: 22/04/2013 - 01:20:14 ---A- C:\Users\jeremy\AppData\Roaming\IMVUClient\ui\profile\blocklist.xml   [135]
O61 - LFC: 22/04/2013 - 01:20:19 ---A- C:\Users\jeremy\AppData\Roaming\IMVUClient\ui\profile\pluginreg.dat   [866]
O61 - LFC: 22/04/2013 - 01:20:20 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\client_session.txt   [17]
O61 - LFC: 22/04/2013 - 01:26:58 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product11939315_6b6b71f93fb91184875548412d2b94b2   [734]
O61 - LFC: 22/04/2013 - 01:26:58 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product14962361_f54108783735c1940bd896e591f3ea28   [472]
O61 - LFC: 22/04/2013 - 01:26:58 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product15069049_a313cd78d9bb3bc6296f614a7f589ce7   [386]
O61 - LFC: 22/04/2013 - 01:26:58 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product15136738_01eb4de613cd7e011572289984a13ac6   [42176]
O61 - LFC: 22/04/2013 - 01:26:58 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product15148111_a3e92ca51a57159492e9f3e0c03caf92   [5636]
O61 - LFC: 22/04/2013 - 01:26:58 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product16840913_334140a91b934ef0138451ffe130d198   [50358]
O61 - LFC: 22/04/2013 - 01:26:58 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product17208347_5ac99611bfd0eaf21dcf2bd1a2573d95   [7783]
O61 - LFC: 22/04/2013 - 01:26:58 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product17900171_71a4a788f61b4a59adaeef90a7e046ae   [8077]
O61 - LFC: 22/04/2013 - 01:26:58 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product18565937_a69732b46f2e03d5c48a70ed1a41acee   [593939]
O61 - LFC: 22/04/2013 - 01:26:58 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product19128405_4de24dbd1309d780d04b6093c0e83434   [1139]
O61 - LFC: 22/04/2013 - 01:26:58 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product4668280_66df1c53c69fcf4bd6fb8d4a71e186fd   [751]
O61 - LFC: 22/04/2013 - 01:27:05 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\0ba6ce0277789da35d60fac37755c2ad   [13809]
O61 - LFC: 22/04/2013 - 01:27:05 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\1507931758e2fcf0656a0e8ae156abab   [57383]
O61 - LFC: 22/04/2013 - 01:27:05 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\705641bc4f3e46afcc311e1f26f9f1b6   [6864]
O61 - LFC: 22/04/2013 - 01:27:05 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\95565b58b28ceb6485b386d0a2c44433   [4005]
O61 - LFC: 22/04/2013 - 01:27:05 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\a0e3442f8814df653b5c3b2ad422911e   [158514]
O61 - LFC: 22/04/2013 - 01:27:05 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\b4649f1241226e158102fb869c53a083   [9429]
O61 - LFC: 22/04/2013 - 01:27:05 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\daadd9a8bd5de1ea6ecaba8db27b0417   [6864]
O61 - LFC: 22/04/2013 - 01:27:05 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product15098246_9f664b29ac2bd3c5f3e201114636a5a0   [25322]
O61 - LFC: 22/04/2013 - 01:27:06 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\3f1955d535e3812652e332e270ac1bf5   [55374]
O61 - LFC: 22/04/2013 - 01:27:06 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product14665673_3635200a9bc0d02742b285cf4ad38b2c   [170653]
O61 - LFC: 22/04/2013 - 01:27:07 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\01c98fdb48f8a46f6fbcfae22b4524fb   [30031]
O61 - LFC: 22/04/2013 - 01:27:07 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\464627b076e4d300fb799e927d4d9998   [33983]
O61 - LFC: 22/04/2013 - 01:27:07 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\5270e04c496d11ec8d851b7754d03802   [14792]
O61 - LFC: 22/04/2013 - 01:27:07 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\a5563485ca3b3ab3ce16f63844597651   [16448]
O61 - LFC: 22/04/2013 - 01:27:07 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\bed28fe31b3f27aa103807fe548133b0   [9643]
O61 - LFC: 22/04/2013 - 01:27:07 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\e2acab55c9a14f9884c31198db185368   [2677]
O61 - LFC: 22/04/2013 - 01:27:07 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\eab14eee393ab1fd8ad223e703ce07ae   [42620]
O61 - LFC: 22/04/2013 - 01:27:07 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\ffc07e2bfd28a8b92539881f34be3c08   [59434]
O61 - LFC: 22/04/2013 - 01:27:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\019a773386060279658f6e58fe286be2   [2322]
O61 - LFC: 22/04/2013 - 01:27:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\42d86fa7ddfbb8df37934965509d211b   [12778]
O61 - LFC: 22/04/2013 - 01:27:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\8cd9968ec959aeb8946ac4acceb6994b   [30094]
O61 - LFC: 22/04/2013 - 01:27:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\df7469dcfe827e1fcbe9cbdbc45104cc   [17465]
O61 - LFC: 22/04/2013 - 01:27:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\f2c4b53fee120472b4b4bd80debde5bc   [7378]
O61 - LFC: 22/04/2013 - 01:27:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product12935587_a19cdfe98991f93903864e773dc6d9b7   [5281]
O61 - LFC: 22/04/2013 - 01:27:09 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\4629219570e13514c165e99a089828b4   [117384]
O61 - LFC: 22/04/2013 - 01:27:09 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\d8dc2e46be677f7b46e4995155b74edb   [10919]
O61 - LFC: 22/04/2013 - 01:27:09 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\dc6e042df40044c7f5ee9866251fc9d5   [59369]
O61 - LFC: 22/04/2013 - 01:27:10 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\651c1cc8572b7e2ccbfd9553cdfe304c   [32614]
O61 - LFC: 22/04/2013 - 01:27:10 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\91223c5a7611aaa6d3d8abe8402cf50e   [59369]
O61 - LFC: 22/04/2013 - 01:27:11 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\09dc6b5ef7f94d38cd488323f8b3fc85   [30094]
O61 - LFC: 22/04/2013 - 01:27:11 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\5bb2fae86d929b0ef9ee6e346e867485   [7578]
O61 - LFC: 22/04/2013 - 01:27:11 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\6c875f042182cfd9ea3854d40704eb62   [30094]
O61 - LFC: 22/04/2013 - 01:27:11 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\f576bfc9d3ec62f182f7a72a8999c5ac   [5260]
O61 - LFC: 22/04/2013 - 01:27:12 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\3010308df1beac018deebfeac725a574   [12810]
O61 - LFC: 22/04/2013 - 01:27:12 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\694791729baab63e9d242d095569d155   [34703]
O61 - LFC: 22/04/2013 - 01:27:12 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\ba33889aa7b55fc6c9f1991f68742d7b   [31012]
O61 - LFC: 22/04/2013 - 01:27:12 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\cc2653d626a31a67e1cbfda348f6d679   [28138]
O61 - LFC: 22/04/2013 - 01:37:42 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product18809810_c0117497e1954c6b1653528c088affc0   [250]
O61 - LFC: 22/04/2013 - 01:37:43 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product18809700_197a366d977348b91839fed48bcb595f   [1838808]
O61 - LFC: 22/04/2013 - 01:38:01 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product18624916_5ea56534e1144b49b0a36747d33e994f   [741]
O61 - LFC: 22/04/2013 - 01:38:06 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product15650987_d0e489d687d09730c3edc4c578ea207a   [70385]
O61 - LFC: 22/04/2013 - 01:38:06 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product6254568_00d70c3917fae9b3ac243059e070758c   [59435]
O61 - LFC: 22/04/2013 - 01:38:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\09ffc83ac9cdb94c9786b80868282196   [29557]
O61 - LFC: 22/04/2013 - 01:38:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\0e80bc6b8f1188b18daf93689b2d33ca   [12349]
O61 - LFC: 22/04/2013 - 01:38:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\12267887e235687925c2930d889f978b   [18443]
O61 - LFC: 22/04/2013 - 01:38:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\19d2acd780ffd04f31fdde4a06711e95   [52258]
O61 - LFC: 22/04/2013 - 01:38:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\2cf2674447da8e7e6ca987adcc7c0394   [13726]
O61 - LFC: 22/04/2013 - 01:38:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\46b379899631a7399d970857c6cb9e3a   [46079]
O61 - LFC: 22/04/2013 - 01:38:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\559e1d76a0e2b5c3fe5c0ebc901fa40e   [12557]
O61 - LFC: 22/04/2013 - 01:38:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\70a40fca9699eb5362cbc430a0697ac0   [20288]
O61 - LFC: 22/04/2013 - 01:38:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\7f4177b7be037520b9fd4981961c2d7c   [15039]
O61 - LFC: 22/04/2013 - 01:38:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\91b292033b246b192837e72e8e70d659   [16758]
O61 - LFC: 22/04/2013 - 01:38:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\97485bf826905ff375f6155eb010e5c6   [44636]
O61 - LFC: 22/04/2013 - 01:38:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\bba9efa5277a8d696476f7097745991c   [1736]
O61 - LFC: 22/04/2013 - 01:38:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\d0d9c4a8a585d2206c79cbcc304e8b85   [16758]
O61 - LFC: 22/04/2013 - 01:38:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\d8261c3acdde70e897b45d9e65a5ab90   [10591]
O61 - LFC: 22/04/2013 - 01:38:08 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\d94eefc5e66214d9e2b466293e1df4b2   [120303]
O61 - LFC: 22/04/2013 - 01:38:09 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\011e79b8781433a03eef103dc8fc92f3   [19926]
O61 - LFC: 22/04/2013 - 01:38:09 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\07782a4dddb6478ce445de6f67f5ae61   [15669]
O61 - LFC: 22/04/2013 - 01:38:09 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\504953d78167733275a11afb379a2727   [45825]
O61 - LFC: 22/04/2013 - 01:38:09 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\54e78558fdc9c9fab2dd5a04f552d9f4   [18692]
O61 - LFC: 22/04/2013 - 01:38:09 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\56e542c43e8dbb4aa36031d22952e81f   [11311]
O61 - LFC: 22/04/2013 - 01:38:09 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\65228f3365290ef4d1aa631942a6cdae   [12615]
O61 - LFC: 22/04/2013 - 01:38:09 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\6d8890293812a76cbcaf5d61d76c716f   [11941]
O61 - LFC: 22/04/2013 - 01:38:09 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\75e91bd6dfaa342c0bee02fecba89f2b   [275284]
O61 - LFC: 22/04/2013 - 01:38:09 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\aaf8b24776c0fa650f5ccc4bccd646e5   [12581]
O61 - LFC: 22/04/2013 - 01:38:09 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\c78f943e6194649880695a2eb8fa4ba1   [11091]
O61 - LFC: 22/04/2013 - 01:38:09 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\e50c258bdafdd717b802634588968124   [15669]
O61 - LFC: 22/04/2013 - 01:38:09 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\e7687e8910065ac82e81896f0c54789a   [12467]
O61 - LFC: 22/04/2013 - 01:46:40 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\product17877315_941c3c4912be0757346f09a449393b0c   [145112]
O61 - LFC: 22/04/2013 - 01:46:41 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\0e06ad4fbed95c5608d6b8a626673f6b   [38767]
O61 - LFC: 22/04/2013 - 01:46:41 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\1043a323ad7534128059afbba37c180c   [22184]
O61 - LFC: 22/04/2013 - 01:46:41 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\25150555223f2da29d3aa60df57c4b9d   [67648]
O61 - LFC: 22/04/2013 - 01:46:41 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\28444b4db4fa3f7746c949aeed7e4e3a   [57464]
O61 - LFC: 22/04/2013 - 01:46:41 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\ab9cc71eac86425e00ea40079a04f0e1   [1838]
O61 - LFC: 22/04/2013 - 01:46:41 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\c2383f393a313a5591aaf01f83f2dcb8   [24085]
O61 - LFC: 22/04/2013 - 01:46:42 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\3e445b74509fcd7c4ac6f35e7e64de04   [22513]
O61 - LFC: 22/04/2013 - 01:46:42 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\HttpCache\870ca190a538bd3936a92c16050ec862   [20507]
O61 - LFC: 22/04/2013 - 01:47:17 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\productAuth.pickle   [110379]
O61 - LFC: 22/04/2013 - 01:50:34 ---A- C:\Users\jeremy\AppData\Roaming\IMVUClient\ui\profile\places.sqlite   [176128]
O61 - LFC: 22/04/2013 - 01:50:34 ---A- C:\Users\jeremy\AppData\Roaming\IMVUClient\ui\profile\places.sqlite-journal   [0]
O61 - LFC: 22/04/2013 - 02:00:21 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\IMVULog.log.1   [2097031]
O61 - LFC: 22/04/2013 - 02:13:17 ---A- C:\Users\jeremy\AppData\Roaming\IMVU\_buddyState.pickle   [12873]
O61 - LFC: 22/04/2013 - 02:14:14 ---A- C:\Users\jeremy\AppData\Roaming\IMVUClient\ui\profile\cert8.db   [65536]
O61 - LFC: 22/04/2013 - 02:14:14 ---A- C:\Users\jeremy\AppData\Roaming\IMVUClient\ui\profile\key3.db   [16384]
O61 - LFC: 22/04/2013 - 03:02:15 ---A- C:\Users\jeremy\AppData\Roaming\go\2013-04-22-0.ezlog   [0]
O61 - LFC: 22/04/2013 - 03:16:08 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\minidumps\7c8edf6c-c820-4209-82cd-c9373a08e86b.dmp   [0]
O61 - LFC: 22/04/2013 - 11:15:53 ---A- C:\Users\jeremy\AppData\Roaming\go\2013-04-22-1.ezlog   [0]
O61 - LFC: 22/04/2013 - 12:20:28 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\4gPpjkxgZzXPVtuEoAL9Ig==.ico   [175]
O61 - LFC: 22/04/2013 - 12:20:28 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\Dl0XLJKtfnlo8ij6Gs7cIw==.ico   [426]
O61 - LFC: 22/04/2013 - 12:20:28 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\JjK_k_lNCGuIA1rp2r_WzA==.ico   [175]
O61 - LFC: 22/04/2013 - 12:20:28 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\pWi4gU4ZlEYQ8oEz0DIX4Q==.ico   [175]
O61 - LFC: 22/04/2013 - 12:20:28 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\sy5lsLReSErDEkPc6fL3EA==.ico   [175]
O61 - LFC: 22/04/2013 - 12:20:28 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\jumpListCache\utqwQLOiWlaaoeJ2Qancsg==.ico   [175]
O61 - LFC: 22/04/2013 - 12:23:26 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\adblockplus-rules.json   [365283]
O61 - LFC: 22/04/2013 - 12:40:22 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\2SjXaUKyEagL35dPjZj+Sg==.ico   [345]
O61 - LFC: 22/04/2013 - 12:49:42 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\+9qSnbYkoYoA_qIj_t4iVw==.ico   [614]
O61 - LFC: 22/04/2013 - 13:26:00 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\pluginreg.dat   [12808]
O61 - LFC: 22/04/2013 - 13:26:42 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\minidumps\b0e55b95-fdf7-427b-98db-6fcb0cc44fba.dmp   [0]
O61 - LFC: 22/04/2013 - 13:48:52 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\extensions.sqlite   [524288]
O61 - LFC: 22/04/2013 - 13:50:56 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\blocklist.xml   [62333]
O61 - LFC: 22/04/2013 - 13:53:03 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\addons.sqlite   [524288]
O61 - LFC: 22/04/2013 - 14:08:59 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\MJHQ06M51JqET0rLGWxlQQ==.ico   [264]
O61 - LFC: 22/04/2013 - 14:23:36 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\formhistory.sqlite   [327680]
O61 - LFC: 22/04/2013 - 14:23:36 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\signons.sqlite   [84992]
O61 - LFC: 22/04/2013 - 14:24:48 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\shortcutCache\Se0CkMwRQGkwRbgZDkpi8A==.ico   [952]
O61 - LFC: 22/04/2013 - 14:35:38 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\downloads.sqlite   [98304]
O61 - LFC: 22/04/2013 - 14:35:42 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\permissions.sqlite   [5120]
O61 - LFC: 22/04/2013 - 14:35:44 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\content-prefs.sqlite   [229376]
O61 - LFC: 22/04/2013 - 14:59:44 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\goog-malware-shavar.cache   [12]
O61 - LFC: 22/04/2013 - 14:59:44 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\goog-malware-shavar.sbstore   [1669770]
O61 - LFC: 22/04/2013 - 14:59:45 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\goog-malware-shavar.pset   [838994]
O61 - LFC: 22/04/2013 - 15:01:36 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\thumbnails\0e5d172c92ad7e7968f228fa1acedc23.png   [5658]
O61 - LFC: 22/04/2013 - 15:01:42 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\sessionstore.bak   [4612]
O61 - LFC: 22/04/2013 - 15:01:55 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\cert8.db   [376832]
O61 - LFC: 22/04/2013 - 15:01:55 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\key3.db   [16384]
O61 - LFC: 22/04/2013 - 15:01:58 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\webappsstore.sqlite   [3819520]
O61 - LFC: 22/04/2013 - 15:05:03 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\cookies.sqlite-shm   [32768]
O61 - LFC: 22/04/2013 - 15:05:03 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\places.sqlite-shm   [32768]
O61 - LFC: 22/04/2013 - 15:05:03 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\webapps\webapps.json   [2]
O61 - LFC: 22/04/2013 - 15:05:06 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\adblockplus\elemhide.css   [1568351]
O61 - LFC: 22/04/2013 - 15:05:07 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\urlclassifierkey3.txt   [154]
O61 - LFC: 22/04/2013 - 15:05:08 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\test-malware-simple.cache   [44]
O61 - LFC: 22/04/2013 - 15:05:08 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\test-malware-simple.pset   [16]
O61 - LFC: 22/04/2013 - 15:05:08 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\test-malware-simple.sbstore   [232]
O61 - LFC: 22/04/2013 - 15:05:08 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\test-phish-simple.sbstore   [232]
O61 - LFC: 22/04/2013 - 15:05:09 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\test-phish-simple.cache   [44]
O61 - LFC: 22/04/2013 - 15:05:09 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\test-phish-simple.pset   [16]
O61 - LFC: 22/04/2013 - 15:05:15 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\thumbnails\1f627eb1947346b13c7615bef9611205.png   [139170]
O61 - LFC: 22/04/2013 - 15:05:36 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\prefs.js   [2905703]
O61 - LFC: 22/04/2013 - 15:06:39 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\goog-phish-shavar.sbstore   [584112]
O61 - LFC: 22/04/2013 - 15:06:40 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\goog-phish-shavar.cache   [12]
O61 - LFC: 22/04/2013 - 15:06:40 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\safebrowsing\goog-phish-shavar.pset   [678108]
O61 - LFC: 22/04/2013 - 15:06:49 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\thumbnails\0ae85bd749507123bd99bb4b2c3adcc9.png   [92616]
O61 - LFC: 22/04/2013 - 15:07:15 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\localstore.rdf   [35164]
O61 - LFC: 22/04/2013 - 15:07:20 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\thumbnails\583c29e1f538c48f06cf24f2416e1970.png   [83936]
O61 - LFC: 22/04/2013 - 15:07:25 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\thumbnails\a0caaebd29f63631ceef78ccc855d2ef.png   [93587]
O61 - LFC: 22/04/2013 - 15:07:58 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\thumbnails\f7473567f561a3cc196f7743ac485ee8.png   [116976]
O61 - LFC: 22/04/2013 - 15:08:02 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\startupCache\startupCache.4.little   [53866]
O61 - LFC: 22/04/2013 - 15:10:16 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\places.sqlite   [10485760]
O61 - LFC: 22/04/2013 - 15:10:17 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\thumbnails\9055d49e6bad69b306002822b2bd9cc2.png   [116974]
O61 - LFC: 22/04/2013 - 15:10:29 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\thumbnails\429b722fa9ef12bc2ae18c6fdaa16ede.png   [86793]
O61 - LFC: 22/04/2013 - 15:11:21 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\thumbnails\4186a6767f6b65ce87dea47659783a65.png   [118891]
O61 - LFC: 22/04/2013 - 15:11:23 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\cookies.sqlite   [1572864]
O61 - LFC: 22/04/2013 - 15:11:23 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\cookies.sqlite-wal   [0]
O61 - LFC: 22/04/2013 - 15:11:24 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\thumbnails\c22acb003ac5038c89b53549a5a5342c.png   [80296]
O61 - LFC: 22/04/2013 - 15:11:46 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\sessionstore.js   [7930]
O61 - LFC: 22/04/2013 - 15:11:47 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\_CACHE_CLEAN_   [1]
O61 - LFC: 22/04/2013 - 15:11:49 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\places.sqlite-wal   [41232]
O61 - LFC: 22/04/2013 - 15:11:49 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\thumbnails\92306988cdf124e6a267082509b7bd6a.png   [116969]
O61 - LFC: 22/04/2013 - 15:11:49 ---A- C:\Users\jeremy\AppData\Roaming\Mozilla\Profiles\a2banvtb.Utilisateur par défaut\thumbnails\f6e40eeaaaf189d71e0c5c8083ea709f.png   [116969]
~ 23 Fichiers temporaires (Temporary files)
~ Files: 1146 Legitimates Filtered in 39mn 35s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
O63 - Logiciel: RSIT - (.random/random.)
~ ADS:  Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (ctredr15.sys)  .(...) - LEGACY_CTREDR15.SYS
O64 - Services: CurCS - 03/04/2012 - C:\Windows\system32\drivers\hitmanpro36.sys (hitmanpro35)  .(.Pas de propriétaire - HitmanPro 3.6 Support Driver.) - LEGACY_HITMANPRO35
O64 - Services: CurCS - 20/03/2013 - C:\Windows\system32\drivers\hitmanpro37.sys (hitmanpro37)  .(.Pas de propriétaire - HitmanPro 3.7 Support Driver.) - LEGACY_HITMANPRO37
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (sbapifs)  .(...) - LEGACY_SBAPIFS
~ Legacy: 154 Legitimates Filtered in 00mn 01s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome.Autorisation> <Google Chrome>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Opera> <Opera>[HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Opera.exe
~ Keys:  Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {50713636-91C4-4AD8-9F0B-92C84C7267BA} - (Google) - http://www.google.fr
O69 - SBI: SearchScopes [HKCU] {740ADE67-27D1-46E7-9101-EE4A06240359} - (Yahoo-FileServe) - http://fileservehome.com
O69 - SBI: SearchScopes [HKCU] {8D5BA109-1674-4EA3-B303-A0B4A7E819F6} - (Yahoo! Search) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {CC1DA801-494E-46CB-8994-45059DF5B853} - (Bing) - http://www.bing.com
~ Keys:  Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.2D2634136D7F4D222C0101B09B54605B] [SPRF][28/11/2012] (...) -- C:\ProgramData\1354060113.bdinstall.bin   [417046]
[MD5.089066BACC26040B415397A9577515C5] [SPRF][28/11/2012] (...) -- C:\ProgramData\1354060641.bdinstall.bin   [215549]
[MD5.F93F36D10162A7D17D6A70EB8E106262] [SPRF][06/10/2010] (...) -- C:\ProgramData\bdinstall.bin   [160008]
[MD5.3E818A640D6B53CDF839CC8B7E4E1CE2] [SPRF][25/11/2012] (...) -- C:\ProgramData\NanoRepository.bin   [6080]
[MD5.4541335F712FBB52BA6A9FB593F77E76] [SPRF][21/05/2010] (.Hewlett-Packard - HP Help Updater.) -- C:\Users\jeremy\AppData\Local\Temp\HPHelpUpdater.exe   [74808]
[MD5.8B97A57EB362766306FB2BA18B39A277] [SPRF][22/04/2013] (...) -- C:\Users\jeremy\AppData\Local\Temp\MaConfigSetupTemp.exe   [4876536]
[MD5.7A79D02EDC9EB290F5BBD681D276A5E0] [SPRF][04/05/2012] (.Hewlett-Packard Company - Resource.) -- C:\Users\jeremy\AppData\Local\Temp\Resource.exe   [31616]
[MD5.C6A605D7A0421233F98D212C1709C00E] [SPRF][15/04/2013] (.Skype Technologies S.A. - Skype.) -- C:\Users\jeremy\AppData\Local\Temp\SkypeSetup.exe   [30620776]
[MD5.F84CA10E2F775F6E5D1F1A2A2D0569E1] [SPRF][16/04/2013] (...) -- C:\Users\jeremy\AppData\Local\Temp\temp.bat   [447]
[MD5.239CB72E0605A43BF856BCD49712D1FA] [SPRF][27/09/2012] (.Hewlett-Packard Company - HP Support Assistant Uninstaller.) -- C:\Users\jeremy\AppData\Local\Temp\UninstallHPSA.exe   [114080]
[MD5.0E0045E0BE24AADE596C83E52D58F683] [SPRF][22/04/2013] (...) -- C:\Users\jeremy\AppData\Local\Temp\~gu-ver.dat   [116]
[MD5.7DA96CA8A31F14D35AE836EFC48B45CB] [SPRF][20/10/2011] (...) -- C:\Users\jeremy\AppData\Roaming\jeremylog.dat   [787]
[MD5.CC53E0D99DC90101345F76658A3B7E12] [SPRF][05/03/2011] (...) -- C:\Users\jeremy\AppData\Roaming\SQLite3.dll   [58275]
[MD5.AE07903B1663ACDA1AAEFE105B5FEA3D] [SPRF][06/03/2011] (...) -- C:\Users\jeremy\AppData\Roaming\system.dat   [24978]
[MD5.0BF98FB84851D2214B61E38093557980] [SPRF][21/06/2011] (...) -- C:\Users\jeremy\AppData\Roaming\wklnhst.dat   [170]
[MD5.392FF5AE84228D07F0DE76488FA4A735] [SPRF][03/01/2013] (.Audacity Team - Audacity Setup.) -- C:\Users\jeremy\Desktop\audacity-win-2.0.2.exe   [21415874]
[MD5.BF24AD166B5E9A55D53B8582AA675A90] [SPRF][05/05/2012] (.Facebook Inc. - Setup.) -- C:\Users\jeremy\Desktop\FacebookMessengerSetup.exe   [493512]
[MD5.FEE1D58C6AD73F25EB0DAD4F690560AD] [SPRF][26/12/2012] (.Facebook Inc. - Setup.) -- C:\Users\jeremy\Desktop\FacebookVideoCallSetup_v1.2.205.0.exe   [501248]
[MD5.A5C3AA63CFECDA1A78CD51AF270A69F4] [SPRF][21/01/2013] (.Pas de propriétaire - PC Tools Firewall Plus Setup.) -- C:\Users\jeremy\Desktop\fwinstall.exe   [10267520]
[MD5.17DE29775C62386BBBEE72A18EE64109] [SPRF][02/04/2013] (...) -- C:\Users\jeremy\Desktop\MaConfig_win.exe   [256328]
[MD5.266404D2B89BDA7F1D528032C713C082] [SPRF][05/05/2012] (.Microsoft Corporation - Self-Extracting Cabinet.) -- C:\Users\jeremy\Desktop\Silverlight_x64.exe   [13072536]
[MD5.28D3932F714BF71D78E75D36AA2E0FB8] [SPRF][24/06/2012] (.Microsoft Corporation - Self Extracting Stub.) -- C:\Users\jeremy\Desktop\windows6.1-KB976932-X64.exe   [947070088]
[MD5.ED324284FA119EF0F240AC9E2262D666] [SPRF][10/02/2012] (.Microsoft Corporation - Windows Media Component Setup Application.) -- C:\Users\jeremy\Desktop\wmpfirefoxplugin(2).exe   [318904]
[MD5.ED324284FA119EF0F240AC9E2262D666] [SPRF][09/05/2012] (.Microsoft Corporation - Windows Media Component Setup Application.) -- C:\Users\jeremy\Desktop\wmpfirefoxplugin.exe   [318904]
[MD5.C894B3D3F6E80BBD259A0DC692EC9C4C] [SPRF][22/04/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\jeremy\Desktop\ZHPDiag2.exe   [5594898]
[MD5.B340DBA478293038477F60BE7C78D1DC] [SPRF][16/12/2012] (...) -- C:\Program Files (x86)\KaraokeSetup.exe   [770938]
~ Files:  Scanned in 00mn 48s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{870E29C0-849F-4E5C-919E-FF82780C5E98}" | In - Private - P6 - TRUE | .(.SightSpeed Inc. - SightSpeed Video Calling.) -- C:\Program Files (x86)\SightSpeed\SightSpeed.exe
O87 - FAEL: "{BD019716-0154-470D-9993-2AF6510EC051}" | In - Private - P17 - TRUE | .(.SightSpeed Inc. - SightSpeed Video Calling.) -- C:\Program Files (x86)\SightSpeed\SightSpeed.exe
~ Firewall: 219 Legitimates Filtered in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : v2.11631 - (21/04/2013)
Clés trouvées (Keys found) : 33
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 5
Fichiers trouvés  (Files found) : 0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]   =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]   =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\CC94835868BCA58489B0D79DE655BCB1]   =>PUP.Dealio
[HKLM\Software\Classes\Installer\Features\D82C50F59AED6DA47AA360145789E8BA]   =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D82C50F59AED6DA47AA360145789E8BA]   =>PUP.Dealio
[HKLM\Software\Wow6432Node\Classes\Installer\Features\D82C50F59AED6DA47AA360145789E8BA]   =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB525538DB364CE4495200ECDA84942C]   =>Adware.SPointer
[HKLM\Software\CrazyLoader]   =>Adware.SPointer
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]   =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]   =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8]   =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]   =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]   =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044]   =>PUP.Dealio
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion]   =>Toolbar.Yahoo
[HKLM\Software\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}]   =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}]   =>Toolbar.Freecorder
[HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASAPI32]   =>Adware.Boxore
[HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASMANCS]   =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA]   =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC]   =>Adware.Boxore^
C:\Program Files (x86)\Webgameplay setup   =>Toolbar.Agent
C:\Users\jeremy\AppData\LocalLow\Protection_ZoneAlarm   =>Toolbar.Conduit
C:\ProgramData\BerOwsae22savaee  =>Adware.Browse2Save^
C:\Users\jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\plugin@yontoo.com   =>Adware.Yontoo
C:\Users\jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\jeremy\Extensions\plugin@yontoo.com   =>Adware.Yontoo
~ Additionnel Scan: 457814 Items scanned in 00mn 34s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "7E9C3C6D433D8194DB75B5E11FC402D7" . (.Bing Bar.) -- C:\Windows\Installer\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}\icon_installer_ico
O90 - PUC: "9888910D6677B424BA181FF6E8DDEF4F" . (.Facemoods.) -- C:\Windows\Installer\{D0198889-7766-424B-AB81-F16F8EDDFEF4}\ARPPRODUCTICON.exe  =>Adware.Facemoods
O90 - PUC: "AC250698790157240B487D440488F16E" . (.AKVIS SmartMask.) -- C:\Windows\Installer\{896052CA-1097-4275-B084-D74440881FE6}\ARPPRODUCTICON.exe
O90 - PUC: "C5DCD2F8B572E5040868FB1B3BEC20EF" . (.PixEasy.) -- C:\Windows\Installer\{8F2DCD5C-275B-405E-8086-BFB1B3CE02FE}\ARPPRODUCTICON.exe
O90 - PUC: "DFFDD08F030DCCC4FA30DBE8EEE502DE" . (.General Module.) -- C:\Windows\Installer\{F80DDFFD-D030-4CCC-AF03-BD8EEE5E20ED}\_6FEFF9B68218417F98F549.exe
~ Update Products: 207 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 22/11/2010 72704 |  (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
SS - | Demand 18/12/2012 65192 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 11/04/2013 256904 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 16/11/2012 238080 |  (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 13/07/2012 310952 |  (Amsp) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
SS - | Auto 10/02/2012 193816 |  (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
SR - | Demand 10/02/2012 240408 |  (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
SR - | Auto 30/08/2011 462184 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SS - | Demand 12/10/2010 206072 |  (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Disabled 14/08/2010 135664 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 14/08/2010 135664 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 16/08/2012 194032 |  (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 22/10/2004 73728 |  (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SR - | Auto 20/08/2009 73728 |  (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 22/04/2013 1141072 |  (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SS - | Demand 12/04/2013 115608 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 26/01/2009 1153368 |  (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
SS - | Demand 19/12/2012 732648 |  (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Disabled  207872 |  (Serviio) . (...) - C:\Program Files\Serviio\bin\ServiioService.exe
SR - | Auto 26/02/2013 3560800 |  (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SS - | Auto  0 |  (Threatdiction Web Filtring) . (...) - C:\Program Files (x86)\Threatdiction\Threatdiction.exe
SS - | Disabled 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Disabled  0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Disabled 09/11/2008 602392 |  (YahooAUService) . (.Yahoo! Inc..) - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
~ Services:  Scanned in 00mn 03s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by jeremy at 22/04/2013 16:27:35

device: opened successfully
user: error reading MBR 

Disk trace:
error: Read  Descripteur non valide
kernel: error reading MBR 
~ MBR: 9 Legitimates Filtered in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by jeremy at 22/04/2013 16:27:37

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR:  Scanned in 00mn 04s



~ 3491 Legitimates filtered by white list
End of the scan (1080 lines in 51mn 35s)(0)