~ Report of ZHPDiag v2013.10.12.33 - Nicolas Coolman (12/10/2013)
~ Launched by bertrand (13/10/2013 15:10:08)
~ Web site address : http://nicolascoolman.webs.com
~ Translated by
~ Version State :
~ White List : Deactivate by user
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program


---\\ Internet browsers
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 24.0 (Defaut)
GCIE: Google Chrome v30.0.1599.69
OBIE: Safari v5.34.57.2

---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v4.3.0219.0
Windows Defender W7

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 25

---\\ Information on the system
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3690 MB (53% free)
System Restore: Désactivé (Disabled)
System drive C: has 48 GB (17%) free of 274 GB

---\\ Connection to the system mode
~ Computer Name: BERTRAND-HP
~ User Name: bertrand
~ All Users Names: HomeGroupUser$, Guest, bertrand, ASPNET, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\bertrand\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\bertrand\AppData\Roaming\
~ %Desktop% : C:\Users\bertrand\Desktop\
~ %Favorites% : C:\Users\bertrand\Favorites\
~ %LocalAppData% : C:\Users\bertrand\AppData\Local\
~ %StartMenu% : C:\Users\bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 48 Go of 274 Go)
D: Hard drive, Flash drive, Thumb drive (Free 0 Go of 20 Go)
E: Hard drive, Flash drive, Thumb drive (Free 3 Go of 4 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: 38 Scanned in 00mn 00s



---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.18/10/2011 - 01:42:28.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 01:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.3CD6F07E6416ED6E18A1965CD2B9144A] - (.Microsoft Corporation - Internet Extensions for Win32.) (.22/09/2013 - 14:33:53.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.21/11/2010 - 03:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.21/11/2010 - 03:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:10:19.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 03:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 23:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.18/10/2011 - 01:47:51.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 03:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 14:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 00:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 03:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 03:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.18/10/2011 - 01:37:48.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/86
~ Mes musiques (My Musics) : 99/143
~ Mes Videos (My Videos) : 7/55
~ Mes Favoris (My Favorites) : 1/11
~ Mes Documents (My Documents) : 2/1581
~ Mon Bureau (My Desktop) : 1/9568
~ Menu demarrer (Programs) : 1/48
~ Hidden Files: Scanned in 00mn 09s



---\\ Process running
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.4860]
[MD5.7DFCCC67990B6DE7F30F553A4E4612A4] - (...) -- C:\Program Files (x86)\RocketDock\RocketDock.exe [495616] [PID.4944]
[MD5.1542D48BEF0C07513453CDEF1577BB79] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [691656] [PID.4988]
[MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe [955392] [PID.5028]
[MD5.519A3A78F732B41236466FE9556D991A] - (.Microsoft Corporation - Microsoft Encarta Dictionaries.) -- C:\Program Files (x86)\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.exe [424728] [PID.4392]
[MD5.A5257492F2657D454C33CCF093B92B73] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3665488] [PID.4544]
[MD5.FAA729BC3B4EC2900D14E1F0F4D30ED0] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [268248] [PID.3676]
[MD5.0D3745CA2F064F2D6B6388C6AA5D3BC7] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752] [PID.4144]
[MD5.C5F101D7E53AA530BB0496EB9556807C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8076288] [PID.5564]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1616]
[MD5.46886B607192E6E0BBAD33D32FA32E85] - (.Microsoft Corporation - .NET Runtime Optimization Service.) -- C:\Windows\Microsoft.NET\Frameworkx86\v4.0.30319\mscorsvw.exe [16990720] [PID.1876]
[MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.1440]
[MD5.440541D1D17A4B955A55E3DD09EF063E] - (...) -- C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe [6287360] [PID.2392]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2652]
[MD5.73E3B5D1F1EB5FDC51A5C3437EEE3348] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088] [PID.2680]
[MD5.5E53CF8AD0FD33B35000C113656AB37B] - (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2754984] [PID.2784]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2984]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3536]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G0 - GCSP: Preference [User Data\Default] http://google.com
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Store v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] YouTube v.4.2.6 (Activé)
G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Recherche Google v.0.0.0.20 (Activé)
G2 - GCE: Preference [User Data\Default] [dhkplhfnhceodhffomolpfigojocbpcb] Babylon Toolbar v.1.9 (Désactivé) =>Toolbar.Babylon
G2 - GCE: Preference [User Data\Default] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [ennkphjdgehloodpbhlhldgbnhmacadg] Settings v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [fjoijdanhaiflhibkljeklcghcmmfffh] WebCake v.1.0.3 (Désactivé) =>Adware.WebCake
G2 - GCE: Preference [User Data\Default] [jeaohhlajejodfjadcponpnjgkiikocn] IDM Integration Module v.6.17.7, (Activé)
G2 - GCE: Preference [User Data\Default] [lifbcibllhkdhoafpjfnlhfpfgnpldfl] Skype Click to Call v.6.12.0.13601, (Désactivé)
G2 - GCE: Preference [User Data\Default] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mgndgikekgjfcpckkfioiadnlibdjbkf] Chrome v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Chrome In-App Payments service v.0.0.4.11 (Activé)
G2 - GCE: Preference [User Data\Default] [phlpjnmkcepflfoglccifhajagahaglm] MegaSkipper v.19.66 (Activé)
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé)
~ Google Browser: 17 Scanned in 01mn 30s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\bertrand\AppData\Roaming\Mozilla\Firefox\Profiles\opvyqkfm.default\prefs.js
M0 - MFSP: prefs.js [bertrand - opvyqkfm.default] http://www.google.com
P2 - FPN:Firefox Plugin Navigator . (.Macromedia, Inc. - Macromedia Shockwave for Director Netscape plug-in, version 10.1.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\np32dsw.dll
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.8.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin2.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin3.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin4.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin5.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin6.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin7.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll
P2 - FPN: [HKLM] [@ma-config.com/HardwareDetection] - (.Cybelsoft - Plugin NPAPI Ma-Config.com # win64 # 6.5.0.3.) -- C:\Program Files\ma-config.com\x64\nphardwaredetection.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20913.0.) -- c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll
P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\bertrand\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
~ Firefox Browser: 24 Scanned in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Browser.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\SysWOW64\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ IE Browser: 18 Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896; =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 23



---\\ Browser Helper Objects (O2)
O2 - BHO: IDM Helper [64Bits] - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.dll
O2 - BHO: Java(tm) Plug-In SSV Helper [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
~ BHO: 10 Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: ACID Pro 7.0.lnk . (.Sony Creative Software Inc. - ACID Pro 7.0.) -- C:\Program Files (x86)\Sony\ACID Pro 7.0\acid70.exe
O4 - GS\Desktop [Public]: Adobe Download Assistant.lnk . (...) -- C:\Program Files (x86)\Adobe Download Assistant\Adobe Download Assistant.exe
O4 - GS\Desktop [Public]: Adobe Reader X.lnk . (.Adobe Systems Incorporated - Adobe Reader.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
O4 - GS\Desktop [Public]: Appnimi ZIP Password Unlocker.lnk . (...) -- C:\Program Files (x86)\Appnimi\Appnimi ZIP Password Unlocker\AppnimiZipPasswordUnlocker.exe
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: AVGO Free Video Downloader.lnk . (.AVGO - No Comment.) -- C:\Program Files (x86)\AVGO\Free-Video-Downloader\AVGoVideoDownloader.exe
O4 - GS\Desktop [Public]: Camtasia Studio 7.lnk . (.TechSmith Corporation - Camtasia Studio.) -- C:\Program Files (x86)\TechSmith\Camtasia Studio 7\CamtasiaStudio.exe
O4 - GS\Desktop [Public]: DAEMON Tools Lite.lnk . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe =>.DT Soft Ltd
O4 - GS\Desktop [Public]: FMW Ultimate SliKy i2.lnk . (...) -- C:\Program Files (x86)\Fly My World Corporate\Ultimate Reborn - Extension SliKy\Patcher-FMW.exe
O4 - GS\Desktop [Public]: GIMP 2.lnk . (...) -- C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe
O4 - GS\Desktop [Public]: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: PCSX2 0.9.8 (r4600).lnk . (...) -- C:\Program Files (x86)\PCSX2 0.9.8\pcsx2-r4600.exe
O4 - GS\Desktop [Public]: Picasa 3.lnk . (.Google Inc. - Picasa.) -- C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
O4 - GS\Desktop [Public]: Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\Desktop [Public]: Samsung Kies (Lite).lnk . (...) -- C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
O4 - GS\Desktop [Public]: Samsung Kies.lnk . (...) -- C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
O4 - GS\Desktop [Public]: Skype.lnk . (...) -- C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
O4 - GS\Desktop [Public]: Start the detection.lnk . (...) -- C:\Program Files (x86)\ma-config.com\x64\MCDetection.exe (.not file.)
O4 - GS\Desktop [Public]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\Steam.exe
O4 - GS\Desktop [Public]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) -- C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
O4 - GS\Desktop [Public]: TeamViewer 7.lnk . (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
O4 - GS\Desktop [Public]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: VLC media player.lnk . (.VideoLAN - VLC media player 2.1.0.) -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe =>.VideoLAN
O4 - GS\Program [Public]: Adobe Bridge CS6 (64bit).lnk . (.Adobe Systems, Inc. - Adobe Bridge CS6.) -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe =>.Adobe Systems Incorporated
O4 - GS\Program [Public]: Adobe Download Assistant.lnk . (...) -- C:\Program Files (x86)\Adobe Download Assistant\Adobe Download Assistant.exe
O4 - GS\Program [Public]: Adobe ExtendScript Toolkit CS6.lnk . (.Adobe Systems Incorporated - ExtendScript Toolkit CS6 and Debugger (32 b.) -- C:\Program Files (x86)\Adobe\Adobe Utilities - CS6\ExtendScript Toolkit CS6\ExtendScript Toolkit.exe =>.Adobe Systems Incorporated
O4 - GS\Program [Public]: Adobe Help.lnk . (...) -- C:\Program Files (x86)\Adobe\Adobe Help\Adobe Help.exe
O4 - GS\Program [Public]: Adobe Media Encoder CS6.lnk . (.Adobe Systems, Incorporated - No Comment.) -- C:\Program Files\Adobe\Adobe Media Encoder CS6\Adobe Media Encoder.exe
O4 - GS\Program [Public]: Adobe Reader X.lnk . (...) -- C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\SC_Reader.ico
O4 - GS\Program [Public]: Apple Software Update.lnk . (...) -- C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe =>.Apple Inc
O4 - GS\Program [Public]: Media Center.lnk . (.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehshell.exe =>.Microsoft Corporation
O4 - GS\Program [Public]: Microsoft Office 2010.lnk . (...) -- C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe
O4 - GS\Program [Public]: Microsoft Security Essentials.lnk . (...) -- C:\Program Files (x86)\Microsoft Security Client\msseces.exe (.not file.)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\Program [Public]: Sidebar.lnk . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
O4 - GS\Program [Public]: TeamViewer 7.lnk . (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
O4 - GS\Program [Public]: Windows Anytime Upgrade.lnk . (.Microsoft Corporation - Windows Anytime Upgrade User Interface.) -- C:\Windows\system32\WindowsAnytimeUpgradeUI.exe
O4 - GS\Program [Public]: Windows DVD Maker.lnk . (...) -- C:\Program Files (x86)\DVD Maker\DVDMaker.exe (.not file.)
O4 - GS\Program [Public]: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe =>.Microsoft Corporation
O4 - GS\Program [Public]: Windows Live Messenger.lnk . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - GS\Program [Public]: Windows Live Movie Maker.lnk . (.Microsoft Corporation - Windows Live Movie Maker.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe =>.Microsoft Corporation
O4 - GS\Program [Public]: Windows Live Photo Gallery.lnk . (.Microsoft Corporation - Windows Live Photo Gallery.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe =>.Microsoft Corporation
O4 - GS\Program [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O4 - GS\Program [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) -- C:\Windows\system32\xpsrchvw.exe
O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) -- C:\Windows\system32\calc.exe
O4 - GS\Accessories [Public]: displayswitch.lnk . (.Microsoft Corporation - Display Switch.) -- C:\Windows\system32\displayswitch.exe
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Windows Mobility Center.) -- C:\Windows\system32\mblctr.exe
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) -- C:\Windows\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) -- C:\Windows\system32\mstsc.exe
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) -- C:\Windows\system32\SnippingTool.exe
O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Windows Sound Recorder.) -- C:\Windows\system32\SoundRecorder.exe
O4 - GS\Accessories [Public]: Sticky Notes.lnk . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\system32\StikyNot.exe
O4 - GS\Accessories [Public]: Sync Center.lnk . (.Microsoft Corporation - Microsoft Sync Center.) -- C:\Windows\System32\mobsync.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Welcome Center.lnk . (.Microsoft Corporation - Getting Started.) -- C:\Windows\system32\OobeFldr.dll
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) -- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) -- C:\Windows\system32\charmap.exe
O4 - GS\SystemTools [Public]: dfrgui.lnk . (.Microsoft Corporation - Microsoft® Disk Defragmenter.) -- C:\Windows\system32\dfrgui.exe
O4 - GS\SystemTools [Public]: Disk Cleanup.lnk . (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) -- C:\Windows\system32\cleanmgr.exe
O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Resource and Performance Monitor.) -- C:\Windows\system32\perfmon.exe
O4 - GS\SystemTools [Public]: System Information.lnk . (.Microsoft Corporation - System Information.) -- C:\Windows\system32\msinfo32.exe
O4 - GS\SystemTools [Public]: System Restore.lnk . (.Microsoft Corporation - Microsoft® Windows System Restore.) -- C:\Windows\system32\rstrui.exe
O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (...) -- C:\Windows\system32\taskschd.msc
O4 - GS\SystemTools [Public]: Windows Easy Transfer Reports.lnk . (.Microsoft Corporation - Windows Easy Transfer Post Migration Applic.) -- C:\Windows\system32\migwiz\postmig.exe
O4 - GS\SystemTools [Public]: Windows Easy Transfer.lnk . (.Microsoft Corporation - Windows Easy Transfer Application.) -- C:\Windows\system32\migwiz\migwiz.exe
O4 - GS\QuickLaunch [bertrand]: Apple Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\QuickLaunch [bertrand]: Dev-C++.lnk . (.Bloodshed Software - Dev-C++ IDE.) -- C:\Dev-Cpp\devcpp.exe
O4 - GS\QuickLaunch [bertrand]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [bertrand]: MiPony.lnk . (.www.mipony.net - Mipony.) -- C:\Program Files (x86)\MiPony\MiPony.exe
O4 - GS\QuickLaunch [bertrand]: Samsung Kies (Lite).lnk . (...) -- C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
O4 - GS\QuickLaunch [bertrand]: Samsung Kies.lnk . (...) -- C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
O4 - GS\QuickLaunch [bertrand]: Speakonia.lnk . (.CFS-Technologies - Speakonia - TTS Program.) -- C:\Program Files (x86)\CFS-Technologies\Speakonia\Speakonia.exe
O4 - GS\QuickLaunch [bertrand]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\bertrand\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [bertrand]: Adobe Photoshop CS6.lnk . (...) -- C:\Program Files (x86)\Adobe\AutoPlay\Docs\PhotoshopCS6.exe (.not file.) =>.Adobe Systems Incorporated
O4 - GS\TaskBar [bertrand]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) -- C:\Windows\system32\calc.exe
O4 - GS\TaskBar [bertrand]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [bertrand]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [bertrand]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [bertrand]: Notepad.lnk . (.Microsoft Corporation - Notepad.) -- C:\Windows\system32\notepad.exe
O4 - GS\TaskBar [bertrand]: Patcher-de-secours.lnk . (...) -- C:\Program Files (x86)\Fly My World Corporate\Fly My World Corporate\Ultimate Reborn - Acte 5\Patcher-de-secours.exe
O4 - GS\TaskBar [bertrand]: Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\TaskBar [bertrand]: Speakonia.lnk . (.CFS-Technologies - Speakonia - TTS Program.) -- C:\Program Files (x86)\CFS-Technologies\Speakonia\Speakonia.exe
O4 - GS\TaskBar [bertrand]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\explorer.exe
O4 - GS\Program [bertrand]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [bertrand]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [bertrand]: TeamViewer 7.lnk . (...) -- C:\Users\bertrand\temp\TeamViewer\Version7\TeamViewer.exe (.not file.)
O4 - GS\Program [bertrand]: Torch.lnk . (...) -- C:\Users\bertrand\AppData\Local\Torch\Application\torch.exe (.not file.)
O4 - GS\Accessories [bertrand]: Command Prompt.lnk . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\system32\cmd.exe
O4 - GS\Accessories [bertrand]: Notepad.lnk . (.Microsoft Corporation - Notepad.) -- C:\Windows\system32\notepad.exe
O4 - GS\Accessories [bertrand]: Run.lnk - Orphan key
O4 - GS\Accessories [bertrand]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\explorer.exe
O4 - GS\SystemTools [bertrand]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [bertrand]: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo [bertrand]: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\SendTo [bertrand]: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - GS\Desktop [bertrand]: Adobe After Effects CS6.lnk . (.Adobe Systems Incorporated - Adobe After Effects CS6.) -- C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\AfterFX.exe
O4 - GS\Desktop [bertrand]: Adobe Photoshop CS6.lnk . (...) -- C:\Program Files (x86)\Adobe\AutoPlay\Docs\PhotoshopCS6.exe (.not file.) =>.Adobe Systems Incorporated
O4 - GS\Desktop [bertrand]: Dev-C++.lnk . (.Bloodshed Software - Dev-C++ IDE.) -- C:\Dev-Cpp\devcpp.exe
O4 - GS\Desktop [bertrand]: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\Desktop [bertrand]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [bertrand]: MiPony.lnk . (.www.mipony.net - Mipony.) -- C:\Program Files (x86)\MiPony\MiPony.exe
O4 - GS\Desktop [bertrand]: Play Darksiders II nosTEAM.lnk . (...) -- C:\Darksiders II\Darksiders2.exe
O4 - GS\Desktop [bertrand]: TeamViewer 7.lnk . (...) -- C:\Users\bertrand\temp\TeamViewer\Version7\TeamViewer.exe (.not file.)
O4 - GS\Desktop [bertrand]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files (x86)\ZHPDiag\ZHPhep.exe =>.Nicolas Coolman
O4 - GS\Desktop [bertrand]: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe =>.Nicolas Coolman
O4 - GS\Desktop [bertrand]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\bertrand\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 109 Scanned in 00mn 03s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [AdobeBridge] Orphan key
O4 - HKCU\..\Run: [RocketDock] . (...) -- C:\Program Files (x86)\RocketDock\RocketDock.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [E09FXLRD_278321] . (.Microsoft Corporation - Microsoft Encarta Dictionaries.) -- C:\Program Files (x86)\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-948805745-1492054858-3638506696-1001\..\Run: [AdobeBridge] Orphan key
O4 - HKUS\S-1-5-21-948805745-1492054858-3638506696-1001\..\Run: [RocketDock] . (...) -- C:\Program Files (x86)\RocketDock\RocketDock.exe
O4 - HKUS\S-1-5-21-948805745-1492054858-3638506696-1001\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-948805745-1492054858-3638506696-1001\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-21-948805745-1492054858-3638506696-1001\..\Run: [E09FXLRD_278321] . (.Microsoft Corporation - Microsoft Encarta Dictionaries.) -- C:\Program Files (x86)\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.exe
O4 - HKUS\S-1-5-21-948805745-1492054858-3638506696-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-948805745-1492054858-3638506696-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s



---\\ IE Options icon not visible in Control Panel (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
O9 - Extra button: Barre de recherche Encarta [64Bits] - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} -- Orphan key
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - E-mail Naming Shim Provider.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service Provider.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll =>.Microsoft Corporation
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll =>.Microsoft Corporation
~ Winsock: 8 Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F6A11C8-63C7-41DE-848B-05D3DDC680CE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1AE60C5-53F5-4D1E-BC52-DA2F5840E4B8}: DhcpNameServer = 10.6.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F6A11C8-63C7-41DE-848B-05D3DDC680CE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B1AE60C5-53F5-4D1E-BC52-DA2F5840E4B8}: DhcpNameServer = 10.6.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F6A11C8-63C7-41DE-848B-05D3DDC680CE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B1AE60C5-53F5-4D1E-BC52-DA2F5840E4B8}: DhcpNameServer = 10.6.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\System32\atiesrxx.exe
O23 - Service: AMD FUEL Service (AMD FUEL Service) . (.Advanced Micro Devices, Inc. - AMD Fuel Service.) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service (HP Support Assistant Service) . (...) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (.not file.) =>.Hewlett-Packard Co
O23 - Service: HP Client Services (HPClientSvc) . (.Hewlett-Packard Company - HP Client Services.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP SI Service (HPSIService) . (.HP - HP Smart-Install Service.) - C:\Windows\system32\HPSIsvc.exe
O23 - Service: IconMan_R (IconMan_R) . (.Realsil Microelectronics Inc. - Realtek Card Reader Patch Tool..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: (MBAMScheduler) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MySQL (MySQL) . (...) - C:\Program Files (x86)\MySQL\MySQL Server 5.1\my.ini
O23 - Service: Skype C2C Service (Skype C2C Service) . (.Skype Technologies S.A. - Skype C2C Service.) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 7 (TeamViewer7) . (.TeamViewer GmbH - TeamViewer Remote Control Application.) - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
~ Services: 14 Scanned in 00mn 09s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s



---\\ BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s



---\\ Task Planned Automatically (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Adobe Flash Player Updater.job [830]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-948805745-1492054858-3638506696-1001Core.job [918]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-948805745-1492054858-3638506696-1001UA.job [940]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [898]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [902]
[MD5.A283108E14F3970432C21AF4C0CB1BCE] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257416]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-948805745-1492054858-3638506696-1001Core] (.Facebook Inc..) -- C:\Users\bertrand\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-948805745-1492054858-3638506696-1001UA] (.Facebook Inc..) -- C:\Users\bertrand\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] [APT] [MirageAgent] (.CyberLink.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488]
[MD5.00000000000000000000000000000000] [APT] [{3F2B6B1A-B1F9-49A3-B393-68C23902A960}] (...) -- C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (.not file.) [0] =>Adware.RelevantKnowledge
[MD5.34EBD4FF6A24D86BB4716D6AFCC1A89B] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984]
[MD5.00000000000000000000000000000000] [APT] [HP Support Assistant Quick Start] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [PC Health Analysis] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [PC Tuneup] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (.not file.) [0]
[MD5.3EA98EF084CB360121A6D7BA2B47E655] [APT] [Update Check] (.Hewlett-Packard.) -- C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [850488]
~ Scheduled Task: 19 Scanned in 00mn 04s



---\\ ActiveSetup Installed Components (O40)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Resources.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Internet Explorer [64Bits] - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Browser Customizations [64Bits] - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - IEAK branding.) -- C:\Windows\System32\iedkcs32.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - Windows Theme API.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Microsoft Internet Explorer FTP Folder Shell Extension.) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player Resources.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Active Setup: 11 Scanned in 00mn 00s



---\\ Drivers launched at startup (O41)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\drivers\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (MpKsl62610a28) . (.Microsoft Corporation - KSLDriver.) - c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{513B9743-3513-435F-ACD3-F3394DC73E33}\MpKsl62610a28.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - QoS Packet Scheduler.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VBoxDrv) . (.Oracle Corporation - VirtualBox Support Driver.) - C:\Windows\System32\DRIVERS\VBoxDrv.sys
O41 - Driver: (VBoxUSBMon) . (.Oracle Corporation - VirtualBox USB Monitor Driver.) - C:\Windows\System32\DRIVERS\VBoxUSBMon.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
~ Drivers: 69 Scanned in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: ACID Pro 7.0 - (.Sony.) [HKLM][64Bits] -- {BFA5441E-B7E6-46F5-A15D-1B74707AE93A}
O42 - Logiciel: AMD APP SDK Runtime - (.Advanced Micro Devices Inc..) [HKLM][64Bits] -- {503F672D-6C84-448A-8F8F-4BC35AC83441}
O42 - Logiciel: AMD Accelerated Video Transcoding - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {72AC3A0C-C446-257C-0F44-B0280C18A72F}
O42 - Logiciel: AMD Catalyst Install Manager - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {6D326316-AC23-00EC-D581-FD3373F1CE17}
O42 - Logiciel: AMD Drag and Drop Transcoding - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {03349482-71EF-0131-8840-A1FF64C03808}
O42 - Logiciel: AMD Media Foundation Decoders - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {A6FD58FB-0ED3-8B5A-38B7-332D0693CE42}
O42 - Logiciel: AVGO Free Video Downloader 1.7.9 - (.AVGO Inc..) [HKLM][64Bits] -- AVGO Free Video Downloader_is1
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {14DC0059-00F1-4F62-BD1A-AB23CD51A95E}
O42 - Logiciel: Adobe After Effects CS6 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {4817D846-700B-474E-A31B-80892B3E92E3}
O42 - Logiciel: Adobe Download Assistant - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- com.adobe.downloadassistant.AdobeDownloadAssistant
O42 - Logiciel: Adobe Download Assistant - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {C8773FDB-D0DB-BE52-D536-F48F9886B57B}
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Help Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
O42 - Logiciel: Adobe Help Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AF37176A-78CA-545B-34EF-8B6A21514DD1}
O42 - Logiciel: Adobe Photoshop CS6 Extended 13.0 - (.UncworldStore.) [HKLM][64Bits] -- Adobe Photoshop CS6 Extended 13.0 =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Reader X (10.1.8) MUI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-FFFF-7B44-AA0000000001}
O42 - Logiciel: Adobe Shockwave Player 11.6 - (.Adobe Systems, Inc..) [HKLM][64Bits] -- Adobe Shockwave Player
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] -- {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} =>.Apple Inc
O42 - Logiciel: Barre de recherche Encarta (64 bits) - (.Microsoft.) [HKLM][64Bits] -- {08184040-959A-4B0D-8825-2C533F0DDB19}
O42 - Logiciel: BitLord 2.3 - (.House of Life.) [HKLM][64Bits] -- BitLord =>Adware.WhenUSave
O42 - Logiciel: Camtasia Studio�7 - (.TechSmith Corporation.) [HKLM][64Bits] -- {3D577B95-4EC1-4C3D-B6F6-FF3D3C7FF9B4}
O42 - Logiciel: Catalyst Control Center - Branding - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {5F7308C0-56FF-415A-B34C-44A90A892A95}
O42 - Logiciel: CodeBlocks - (.The Code::Blocks Team.) [HKCU][64Bits] -- CodeBlocks
O42 - Logiciel: Compaq Setup Manager - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {AE856388-AFAD-4753-81DF-D96B19D0A17C}
O42 - Logiciel: Cracked Steam - (.Anti-Valve Software.) [HKLM][64Bits] -- 6F64DF2E-3B8E-41DB-89E4-75BD3F370CDE_is1
O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM][64Bits] -- {01FB4998-33C4-4431-85ED-079E3EEFE75D}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: Dev-C++ 5 beta 9 release (4.9.9.2) - (...) [HKLM][64Bits] -- Dev-C++
O42 - Logiciel: Dragonica version TEST - (.Gala Networks Europe Ltd..) [HKLM][64Bits] -- {46BE6D86-7BEF-4DAB-B3E6-7B932D3872F3}_is1
O42 - Logiciel: Dust: An Elysian Tail - (.Microsoft Studios.) [HKLM][64Bits] -- Dust: An Elysian Tail_is1
O42 - Logiciel: ESU for Microsoft Windows 7 SP1 - (.Hewlett-Packard.) [HKLM][64Bits] -- {E96CAA2A-0244-4A2A-8403-0C3C9534778B}
O42 - Logiciel: Evernote v. 4.2.3 - (.Evernote Corp..) [HKLM][64Bits] -- {F761359C-9CED-45AE-9A51-9D6605CD55C4}
O42 - Logiciel: FMW - Ultimate SliKy i2 - (...) [HKLM][64Bits] -- FMW - Ultimate SliKy i2
O42 - Logiciel: Facebook Video Calling 1.2.0.287 - (.Skype Limited.) [HKLM][64Bits] -- {B92C5909-1D37-4C51-8397-A28BB28E5DC3}
O42 - Logiciel: FormatFactory 3.0.1 - (.Free Time.) [HKLM][64Bits] -- FormatFactory
O42 - Logiciel: GIMP 2.6.11 - (.The GIMP Team.) [HKLM][64Bits] -- WinGimp-2.0_is1
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: HP Auto - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}
O42 - Logiciel: HP Client Services - (.Hewlett-Packard.) [HKLM][64Bits] -- {2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM][64Bits] -- {07FA4960-B038-49EB-891B-9F95930AA544}
O42 - Logiciel: HP Documentation - (.Hewlett-Packard.) [HKLM][64Bits] -- {39FCC6B7-FFF5-4075-A5E8-B5CEBD54C331}
O42 - Logiciel: HP LaserJet Professional P1100-P1560-P1600 Series - (...) [HKLM][64Bits] -- HP LaserJet Professional P1100-P1560-P1600 Series
O42 - Logiciel: HP Recovery Manager - (.Hewlett-Packard.) [HKLM][64Bits] -- {DBCD5E64-7379-4648-9444-8A6558DCB614}
O42 - Logiciel: HP Setup - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}
O42 - Logiciel: Hewlett-Packard ACLM.NET v1.1.2.0 - (.Hewlett-Packard.) [HKLM][64Bits] -- {6F340107-F9AA-47C6-B54C-C3A19F11553F}
O42 - Logiciel: IconPackager - (.Stardock Corporation.) [HKLM][64Bits] -- IconPackager
O42 - Logiciel: IconPackager - (.Stardock Corporation.) [HKLM][64Bits] -- {6BF04C63-EAC0-4F19-9E88-9A745493E7BF}
O42 - Logiciel: Internet Download Manager - (.Tonec Inc..) [HKLM][64Bits] -- Internet Download Manager
O42 - Logiciel: Java 7 Update 25 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217025FF}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
O42 - Logiciel: L&H TTS3000 Français - (...) [HKLM][64Bits] -- LHTTSFRF
O42 - Logiciel: MP3 Voice Recorder 1.0 - (.prvsoft.com.) [HKLM][64Bits] -- MP3 Voice Recorder_is1
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT Redists - (.Sony Creative Software Inc..) [HKLM][64Bits] -- {70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}
O42 - Logiciel: MSVCRT Redists - (.Sony Creative Software Inc..) [HKLM][64Bits] -- {7E708ADE-6575-11E2-8713-F04DA23A5C58}
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9}
O42 - Logiciel: Ma-Config.com (64 bits) - (.Cybelsoft.) [HKLM][64Bits] -- {4B5CFDDC-070A-4A24-BB02-2448E0375F8E}
O42 - Logiciel: Macromedia Shockwave Player - (...) [HKLM][64Bits] -- Macromedia Shockwave Player
O42 - Logiciel: Malwarebytes Anti-Malware version 1.75.0.1300 - (.Malwarebytes Corporation.) [HKLM][64Bits] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM][64Bits] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E}
O42 - Logiciel: MiPony 2.1.0 - (...) [HKLM][64Bits] -- MiPony
O42 - Logiciel: Microsoft Encarta 2009 - Collection - (.Microsoft Corporation.) [HKLM][64Bits] -- {09180081-2C94-4A67-8E55-8483C019C7D2}
O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM][64Bits] -- {8D26D58C-3464-4C03-BB61-5695F984EFEF}
O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM][64Bits] -- Microsoft Security Client
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft XNA Framework Redistributable 4.0 Refresh - (.Microsoft Corporation.) [HKLM][64Bits] -- {D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}
O42 - Logiciel: Mozilla Firefox 24.0 (x86 fr) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 24.0 (x86 fr)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService
O42 - Logiciel: Mplayer.com - (...) [HKLM][64Bits] -- Mplayer.com
O42 - Logiciel: MyFreeCodec - (...) [HKCU][64Bits] -- MyFreeCodec
O42 - Logiciel: MySQL Server 5.1 - (.MySQL AB.) [HKLM][64Bits] -- {87FC2EAB-B7E6-4D04-BE6A-46330F7361C7}
O42 - Logiciel: NewBlue 3D Explosions for Windows - (...) [HKLM][64Bits] -- NewBlue 3D Explosions for Windows
O42 - Logiciel: NewBlue 3D Transformations for Windows - (...) [HKLM][64Bits] -- NewBlue 3D Transformations for Windows
O42 - Logiciel: NewBlue Art Blends for Windows - (...) [HKLM][64Bits] -- NewBlue Art Blends for Windows
O42 - Logiciel: NewBlue Art Effects for Windows - (...) [HKLM][64Bits] -- NewBlue Art Effects for Windows
O42 - Logiciel: NewBlue Film Effects for Windows - (...) [HKLM][64Bits] -- NewBlue Film Effects for Windows
O42 - Logiciel: NewBlue Motion Blends for Windows - (...) [HKLM][64Bits] -- NewBlue Motion Blends for Windows
O42 - Logiciel: NewBlue Motion Effects for Windows - (...) [HKLM][64Bits] -- NewBlue Motion Effects for Windows
O42 - Logiciel: NewBlue Video Essentials for Windows - (...) [HKLM][64Bits] -- NewBlue Video Essentials for Windows
O42 - Logiciel: Oracle VM VirtualBox 4.2.16 - (.Oracle Corporation.) [HKLM][64Bits] -- {4CC3444D-7279-4E83-984F-18E9A7B2E803}
O42 - Logiciel: PCSX2 - Playstation 2 Emulator - (...) [HKLM][64Bits] -- pcsx2-r4600
O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM][64Bits] -- Picasa 3
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM][64Bits] -- {AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}
O42 - Logiciel: RAR Password Cracker 4.12 - (.dnSoft Research Group.) [HKLM][64Bits] -- RAR Password Cracker
O42 - Logiciel: Ralink RT5390 802.11b/g/n WiFi Adapter - (.Ralink.) [HKLM][64Bits] -- {8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM][64Bits] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Realtek PCIE Card Reader - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {C1594429-8296-4652-BF54-9DBE4932A44C}
O42 - Logiciel: RocketDock 1.3.5 - (.Punk Software.) [HKLM][64Bits] -- RocketDock_is1
O42 - Logiciel: SAMSUNG USB Driver for Mobile Phones - (.SAMSUNG Electronics Co., Ltd..) [HKLM][64Bits] -- {D0795B21-0CDA-4a92-AB9E-6E92D8111E44}
O42 - Logiciel: Safari - (.Apple Inc..) [HKLM][64Bits] -- {C779648B-410E-4BBA-B75B-5815BCEFE71D}
O42 - Logiciel: Samsung Kies - (.Samsung Electronics Co., Ltd..) [HKLM][64Bits] -- InstallShield_{758C8301-2696-4855-AF45-534B1200980A}
O42 - Logiciel: Samsung Kies - (.Samsung Electronics Co., Ltd..) [HKLM][64Bits] -- {758C8301-2696-4855-AF45-534B1200980A}
O42 - Logiciel: Skype Click to Call - (.Skype Technologies S.A..) [HKLM][64Bits] -- {B6CF2967-C81E-40C0-9815-C05774FEF120}
O42 - Logiciel: Skype™ 6.6 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
O42 - Logiciel: Speakonia - (.CFS-Technologies.) [HKLM][64Bits] -- Speakonia_is1
O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM][64Bits] -- {048298C9-A4D3-490B-9FF9-AB023A9238F3}
O42 - Logiciel: SuperCopier2 - (...) [HKLM][64Bits] -- SuperCopier2
O42 - Logiciel: Synaptics TouchPad Driver - (.Synaptics Incorporated.) [HKLM][64Bits] -- SynTPDeinstKey
O42 - Logiciel: TeamSpeak 3 Client - (.TeamSpeak Systems GmbH.) [HKLM][64Bits] -- TeamSpeak 3 Client
O42 - Logiciel: TeamViewer 7 - (.TeamViewer.) [HKLM][64Bits] -- TeamViewer 7
O42 - Logiciel: VLC media player 2.1.0 - (.VideoLAN.) [HKLM][64Bits] -- VLC media player =>.VideoLAN
O42 - Logiciel: Vegas Pro 12.0 (64-bit) - (.Sony.) [HKLM][64Bits] -- {7963F870-6575-11E2-A4D9-F04DA23A5C58}
O42 - Logiciel: Visual Studio 2010 x64 Redistributables - (.AVG Technologies.) [HKLM][64Bits] -- {21B133D6-5979-47F0-BE1C-F6A6B304693F}
O42 - Logiciel: WinRAR 4.01 (32-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver
O42 - Logiciel: World of Tanks - (.Wargaming.net.) [HKLM][64Bits] -- {1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1
O42 - Logiciel: Wrzuta Media Downloader - (.Dragonshorn Studios.) [HKLM][64Bits] -- WrzutaMediaDownloader
O42 - Logiciel: ZIP PASSWORD FINDER - (...) [HKLM][64Bits] -- ZIP PASSWORD FINDER
O42 - Logiciel: aTube Catcher - (.DsNET Corp.) [HKLM][64Bits] -- aTube Catcher
O42 - Logiciel: opensource - (.Your Company Name.) [HKLM][64Bits] -- {3677D4D8-E5E0-49FC-B86E-06541CF00BBE}
O42 - Logiciel: swMSM - (.Adobe Systems, Inc.) [HKLM][64Bits] -- {612C34C7-5E90-47D8-9B5C-0F717DD82726}
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU][64Bits] -- uTorrent =>P2P.BitTorrent
~ Logic: 209 Scanned in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AMD]
[HKCU\Software\ATI]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Adobe]
[HKCU\Software\AppDataLow\Software\JavaSoft]
[HKCU\Software\AppDataLow\Software\Macromedia]
[HKCU\Software\AppDataLow\Software\MarkAny]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Arcai.com]
[HKCU\Software\BitTorrent] =>P2P.BitTorrent
[HKCU\Software\Borland]
[HKCU\Software\Bugsplat]
[HKCU\Software\CDDB]
[HKCU\Software\CFS-Technologies]
[HKCU\Software\ClassesB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CodeGear]
[HKCU\Software\CyberLink]
[HKCU\Software\DT Soft]
[HKCU\Software\DirectShow]
[HKCU\Software\DownloadManager]
[HKCU\Software\Dragonshorn Studios]
[HKCU\Software\EaseUS]
[HKCU\Software\EasyBits]
[HKCU\Software\Eidos]
[HKCU\Software\FLT]
[HKCU\Software\Facebook]
[HKCU\Software\FreeTime]
[HKCU\Software\GNU]
[HKCU\Software\Gabest]
[HKCU\Software\GetPrivate]
[HKCU\Software\GoforFiles] =>P2P.GoforFiles
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\INCAInternet]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\JavaSoft]
[HKCU\Software\MacroMgr]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept (Consumer)]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Marvell]
[HKCU\Software\MiniTool Solution Ltd.]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\MyFree Codec]
[HKCU\Software\MySQL AB]
[HKCU\Software\Netscape]
[HKCU\Software\NewBlue]
[HKCU\Software\Norton]
[HKCU\Software\ODBC]
[HKCU\Software\Oracle]
[HKCU\Software\PCSX2]
[HKCU\Software\Pando Networks]
[HKCU\Software\Policies]
[HKCU\Software\RAR Password Cracker]
[HKCU\Software\Realtek]
[HKCU\Software\RocketDock]
[HKCU\Software\S.A.D]
[HKCU\Software\SCATLAWS]
[HKCU\Software\SFX TEAM]
[HKCU\Software\Samsung]
[HKCU\Software\SkypeRS]
[HKCU\Software\Skype]
[HKCU\Software\Soft Lemon]
[HKCU\Software\Sony Creative Software]
[HKCU\Software\Stardock]
[HKCU\Software\Symantec]
[HKCU\Software\Synaptics]
[HKCU\Software\Sysinternals]
[HKCU\Software\TVSSI]
[HKCU\Software\TeamViewer]
[HKCU\Software\TechSmith]
[HKCU\Software\TeleCharger_v2]
[HKCU\Software\Trolltech]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Valve]
[HKCU\Software\VirtualDub.org]
[HKCU\Software\Wargaming.net]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Winamp]
[HKCU\Software\Windows Sidebar]
[HKCU\Software\Wow6432Node]
[HKCU\Software\ZebHelpProcess Helper]
[HKCU\Software\cybelsoft]
[HKCU\Software\eSellerate]
[HKCU\Software\ej-technologies]
[HKCU\Software\gPotato]
[HKCU\Software\shockwave.com]
[HKCU\Software\uTorrent Turbo Booster] =>P2P.µTorrent
[HKLM\Software\AMD]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Adobe]
[HKLM\Software\Anti-Valve Software]
[HKLM\Software\CBSTEST]
[HKLM\Software\CXT]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Cyberlink]
[HKLM\Software\HPQ]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IM Providers]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\Marvell]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Norton]
[HKLM\Software\ODBC]
[HKLM\Software\Oracle]
[HKLM\Software\Policies]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\S.A.D]
[HKLM\Software\SAMSUNG]
[HKLM\Software\SONIX]
[HKLM\Software\SRS Labs]
[HKLM\Software\Sonic]
[HKLM\Software\Sony Creative Software]
[HKLM\Software\Synaptics]
[HKLM\Software\Valve]
[HKLM\Software\Wow6432Node\AMD]
[HKLM\Software\Wow6432Node\ATI Technologies]
[HKLM\Software\Wow6432Node\ATI]
[HKLM\Software\Wow6432Node\AVGO]
[HKLM\Software\Wow6432Node\Adobe]
[HKLM\Software\Wow6432Node\AdwCleaner]
[HKLM\Software\Wow6432Node\AppDataLow]
[HKLM\Software\Wow6432Node\Apple Computer, Inc.]
[HKLM\Software\Wow6432Node\Apple Inc.]
[HKLM\Software\Wow6432Node\Arcai]
[HKLM\Software\Wow6432Node\AviSynth]
[HKLM\Software\Wow6432Node\Brothers]
[HKLM\Software\Wow6432Node\C07ft5Y]
[HKLM\Software\Wow6432Node\CDDB]
[HKLM\Software\Wow6432Node\Caphyon]
[HKLM\Software\Wow6432Node\Classes]
[HKLM\Software\Wow6432Node\Clients]
[HKLM\Software\Wow6432Node\CyberLink]
[HKLM\Software\Wow6432Node\DT Soft]
[HKLM\Software\Wow6432Node\DivXNetworks]
[HKLM\Software\Wow6432Node\EasyBits]
[HKLM\Software\Wow6432Node\Evernote]
[HKLM\Software\Wow6432Node\FlyMyWorld Ultimate]
[HKLM\Software\Wow6432Node\GNU]
[HKLM\Software\Wow6432Node\GoforFiles] =>P2P.GoforFiles
[HKLM\Software\Wow6432Node\Google]
[HKLM\Software\Wow6432Node\HaaliMkx]
[HKLM\Software\Wow6432Node\Hewlett-Packard]
[HKLM\Software\Wow6432Node\HewlettPackard]
[HKLM\Software\Wow6432Node\HighCriteria]
[HKLM\Software\Wow6432Node\IM Providers]
[HKLM\Software\Wow6432Node\Intel]
[HKLM\Software\Wow6432Node\JavaSoft]
[HKLM\Software\Wow6432Node\JreMetrics]
[HKLM\Software\Wow6432Node\Khronos]
[HKLM\Software\Wow6432Node\L&H]
[HKLM\Software\Wow6432Node\Macromedia]
[HKLM\Software\Wow6432Node\Malwarebytes' Anti-Malware (Trial)]
[HKLM\Software\Wow6432Node\Malwarebytes' Anti-Malware]
[HKLM\Software\Wow6432Node\MimarSinan]
[HKLM\Software\Wow6432Node\MozillaPlugins]
[HKLM\Software\Wow6432Node\Mozilla]
[HKLM\Software\Wow6432Node\Mpath]
[HKLM\Software\Wow6432Node\MyFree Codec]
[HKLM\Software\Wow6432Node\MySQL AB]
[HKLM\Software\Wow6432Node\NewBlue]
[HKLM\Software\Wow6432Node\ODBC]
[HKLM\Software\Wow6432Node\OpenVPN-GUI]
[HKLM\Software\Wow6432Node\Pando Networks]
[HKLM\Software\Wow6432Node\Policies]
[HKLM\Software\Wow6432Node\Propellerhead Software]
[HKLM\Software\Wow6432Node\Ralink]
[HKLM\Software\Wow6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\Wow6432Node\Realtek]
[HKLM\Software\Wow6432Node\RegisteredApplications]
[HKLM\Software\Wow6432Node\Riot Games]
[HKLM\Software\Wow6432Node\Samsung]
[HKLM\Software\Wow6432Node\Skype]
[HKLM\Software\Wow6432Node\Sony Creative Software]
[HKLM\Software\Wow6432Node\Sony Media Software]
[HKLM\Software\Wow6432Node\Stardock]
[HKLM\Software\Wow6432Node\Symantec]
[HKLM\Software\Wow6432Node\TeamViewer]
[HKLM\Software\Wow6432Node\TechSmith]
[HKLM\Software\Wow6432Node\Thoosje]
[HKLM\Software\Wow6432Node\Valve]
[HKLM\Software\Wow6432Node\VideoLAN]
[HKLM\Software\Wow6432Node\Voice]
[HKLM\Software\Wow6432Node\Volatile]
[HKLM\Software\Wow6432Node\WildTangent]
[HKLM\Software\Wow6432Node\Win32 Services]
[HKLM\Software\Wow6432Node\WinRAR]
[HKLM\Software\Wow6432Node\Wow6432Node]
[HKLM\Software\Wow6432Node\Xvid Team]
[HKLM\Software\Wow6432Node\cybelsoft]
[HKLM\Software\Wow6432Node\eSellerate]
[HKLM\Software\Wow6432Node\mozilla.org]
[HKLM\Software\Wow6432Node\uTorrent Turbo Booster] =>P2P.µTorrent
[HKLM\Software\Wow6432Node]
[HKLM\Software\cybelsoft]
~ Key Software: 313 Scanned in 00mn 01s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 26/10/2012 - 17:01:01 - [477,782] ----D C:\Program Files (x86)\Adobe
O43 - CFD: 25/10/2012 - 12:38:54 - [2,984] ----D C:\Program Files (x86)\Adobe Download Assistant
O43 - CFD: 10/10/2012 - 09:42:17 - [2,145] ----D C:\Program Files (x86)\AMD APP
O43 - CFD: 10/10/2012 - 09:42:20 - [0,389] ----D C:\Program Files (x86)\AMD AVT
O43 - CFD: 09/10/2012 - 15:51:35 - [2,316] ----D C:\Program Files (x86)\Apple Software Update =>.Apple Inc
O43 - CFD: 07/02/2013 - 07:41:55 - [0,560] ----D C:\Program Files (x86)\Appnimi
O43 - CFD: 10/10/2012 - 09:40:53 - [54,556] ----D C:\Program Files (x86)\ATI Technologies
O43 - CFD: 25/07/2013 - 00:26:29 - [3,321] ----D C:\Program Files (x86)\auto-clicker
O43 - CFD: 05/09/2013 - 21:30:53 - [46,860] ----D C:\Program Files (x86)\AVGO
O43 - CFD: 21/10/2012 - 11:59:32 - [2,904] ----D C:\Program Files (x86)\CFS-Technologies
O43 - CFD: 16/05/2013 - 05:45:16 - [150,273] ----D C:\Program Files (x86)\CodeBlocks
O43 - CFD: 06/10/2013 - 18:41:40 - [658,006] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 07/06/2012 - 13:04:00 - [210,159] ----D C:\Program Files (x86)\CyberLink
O43 - CFD: 08/10/2012 - 15:06:41 - [9,242] ----D C:\Program Files (x86)\DAEMON Tools Lite =>.DT Soft Ltd
O43 - CFD: 09/10/2012 - 13:15:20 - [1,734] ----D C:\Program Files (x86)\Dragonshorn Studios
O43 - CFD: 01/09/2013 - 05:10:18 - [39,083] ----D C:\Program Files (x86)\DsNET Corp
O43 - CFD: 06/10/2013 - 23:26:45 - [1,005] ----D C:\Program Files (x86)\dumps
O43 - CFD: 27/07/2013 - 18:28:57 - [1529,879] ----D C:\Program Files (x86)\Dust An Elysian Tail
O43 - CFD: 17/10/2011 - 16:32:00 - [278,025] ----D C:\Program Files (x86)\Evernote
O43 - CFD: 08/10/2013 - 21:28:40 - [0,007] ----D C:\Program Files (x86)\FK_Monitor
O43 - CFD: 04/07/2013 - 05:51:41 - [764,578] ----D C:\Program Files (x86)\Fly My World Corporate
O43 - CFD: 20/12/2012 - 08:43:06 - [135,748] ----D C:\Program Files (x86)\FreeTime
O43 - CFD: 04/02/2013 - 08:28:23 - [107,900] ----D C:\Program Files (x86)\GIMP-2.0
O43 - CFD: 19/10/2012 - 19:02:38 - [511,061] ----D C:\Program Files (x86)\Google
O43 - CFD: 08/10/2012 - 05:56:12 - [642,433] ----D C:\Program Files (x86)\Hewlett-Packard
O43 - CFD: 07/10/2012 - 22:51:46 - [29,086] ----D C:\Program Files (x86)\HP Games
O43 - CFD: 08/08/2013 - 23:31:19 - [33,667] --H-D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 07/09/2013 - 20:01:10 - [10,577] ----D C:\Program Files (x86)\Internet Download Manager
O43 - CFD: 10/10/2013 - 07:15:39 - [6,218] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 31/08/2013 - 22:27:54 - [122,487] ----D C:\Program Files (x86)\Java
O43 - CFD: 12/10/2013 - 16:53:35 - [13,265] ----D C:\Program Files (x86)\Malwarebytes' Anti-Malware
O43 - CFD: 07/10/2012 - 22:18:44 - [0] ----D C:\Program Files (x86)\Microsoft
O43 - CFD: 26/07/2013 - 16:40:14 - [38,002] ----D C:\Program Files (x86)\Microsoft Analysis Services
O43 - CFD: 10/10/2013 - 07:12:03 - [12,461] ----D C:\Program Files (x86)\Microsoft Application Virtualization Client
O43 - CFD: 10/11/2012 - 16:07:19 - [-1555,583] ----D C:\Program Files (x86)\Microsoft Encarta
O43 - CFD: 26/07/2013 - 16:43:45 - [955,123] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 10/10/2013 - 04:54:03 - [1,500] ----D C:\Program Files (x86)\Microsoft Security Client
O43 - CFD: 10/10/2013 - 07:18:03 - [40,851] ----D C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 26/07/2013 - 16:43:44 - [3,467] ----D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 26/07/2013 - 16:43:44 - [0,757] ----D C:\Program Files (x86)\Microsoft Sync Framework
O43 - CFD: 26/07/2013 - 16:44:13 - [0,312] ----D C:\Program Files (x86)\Microsoft Synchronization Services
O43 - CFD: 26/07/2013 - 16:41:17 - [1,314] ----D C:\Program Files (x86)\Microsoft Visual Studio 8
O43 - CFD: 27/07/2013 - 18:35:45 - [5,795] ----D C:\Program Files (x86)\Microsoft XNA
O43 - CFD: 26/07/2013 - 16:43:44 - [7,797] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 17/09/2013 - 05:13:25 - [10,773] ----D C:\Program Files (x86)\MiPony
O43 - CFD: 01/10/2013 - 14:20:49 - [59,303] ----D C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 06/10/2013 - 23:14:19 - [0,216] ----D C:\Program Files (x86)\Mozilla Maintenance Service
O43 - CFD: 26/03/2013 - 06:26:54 - [10,688] ----D C:\Program Files (x86)\MP3 Voice Recorder
O43 - CFD: 26/07/2013 - 16:44:41 - [0,025] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 23/05/2013 - 13:57:23 - [730,340] ----D C:\Program Files (x86)\MySQL
O43 - CFD: 30/03/2013 - 18:55:07 - [140,078] ----D C:\Program Files (x86)\NewBlue
O43 - CFD: 06/10/2012 - 14:22:59 - [19,963] R---D C:\Program Files (x86)\Online Services
O43 - CFD: 23/05/2013 - 11:54:21 - [0,008] ----D C:\Program Files (x86)\OpenVPN
O43 - CFD: 26/06/2013 - 08:06:18 - [0] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 15/10/2012 - 00:21:14 - [11,173] ----D C:\Program Files (x86)\PCSX2 0.9.8
O43 - CFD: 25/12/2012 - 16:20:01 - [0,547] ----D C:\Program Files (x86)\QMacro
O43 - CFD: 14/11/2012 - 06:28:43 - [0] ----D C:\Program Files (x86)\Quick Memory Editor
O43 - CFD: 09/11/2012 - 22:39:00 - [72,490] ----D C:\Program Files (x86)\QuickTime
O43 - CFD: 16/01/2013 - 11:17:15 - [0,194] ----D C:\Program Files (x86)\RAR Password Cracker
O43 - CFD: 10/10/2012 - 09:46:37 - [20,370] ----D C:\Program Files (x86)\Realtek
O43 - CFD: 27/03/2013 - 21:03:44 - [35,226] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 09/10/2012 - 13:02:02 - [11,587] ----D C:\Program Files (x86)\RocketDock
O43 - CFD: 09/10/2012 - 15:52:17 - [102,605] ----D C:\Program Files (x86)\Safari
O43 - CFD: 08/08/2013 - 23:33:02 - [193,347] ----D C:\Program Files (x86)\Samsung
O43 - CFD: 23/09/2013 - 20:09:38 - [51,851] R---D C:\Program Files (x86)\Skype
O43 - CFD: 07/02/2013 - 06:22:40 - [343,430] ----D C:\Program Files (x86)\Sony
O43 - CFD: 25/01/2013 - 07:15:47 - [149,323] ----D C:\Program Files (x86)\Sony Setup
O43 - CFD: 09/10/2012 - 13:32:53 - [8,254] ----D C:\Program Files (x86)\Stardock
O43 - CFD: 10/10/2013 - 16:17:03 - [41,154] ----D C:\Program Files (x86)\Steam
O43 - CFD: 05/11/2012 - 20:25:49 - [1,169] ----D C:\Program Files (x86)\SuperCopier2
O43 - CFD: 07/06/2012 - 13:11:26 - [0,727] ----D C:\Program Files (x86)\SymSilent
O43 - CFD: 19/10/2012 - 19:00:43 - [50,106] ----D C:\Program Files (x86)\TeamSpeak 3 Client
O43 - CFD: 08/09/2013 - 14:51:35 - [16,037] ----D C:\Program Files (x86)\TeamViewer
O43 - CFD: 15/12/2012 - 23:16:40 - [104,551] ----D C:\Program Files (x86)\TechSmith
O43 - CFD: 10/10/2012 - 10:00:00 - [0] --H-D C:\Program Files (x86)\Temp
O43 - CFD: 09/10/2012 - 23:43:33 - [2,124] ----D C:\Program Files (x86)\Thoosje
O43 - CFD: 14/07/2009 - 04:57:06 - [0] --H-D C:\Program Files (x86)\Uninstall Information
O43 - CFD: 17/07/2013 - 07:14:18 - [0,924] ----D C:\Program Files (x86)\uTorrent =>P2P.µTorrent
O43 - CFD: 09/10/2012 - 12:42:15 - [98,913] ----D C:\Program Files (x86)\VideoLAN
O43 - CFD: 10/10/2013 - 07:15:41 - [0,488] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 07/10/2012 - 22:30:55 - [170,260] ----D C:\Program Files (x86)\Windows Live
O43 - CFD: 09/10/2012 - 18:44:02 - [5,833] ----D C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 09/10/2012 - 18:44:02 - [5,077] ----D C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - 05:32:38 - [11,504] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 09/10/2012 - 18:44:02 - [4,191] ----D C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 21/11/2010 - 03:31:38 - [0,181] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 09/10/2012 - 18:44:03 - [5,713] ----D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 27/06/2013 - 11:22:51 - [0,201] ----D C:\Program Files (x86)\WinPcap
O43 - CFD: 08/10/2012 - 15:01:50 - [3,951] ----D C:\Program Files (x86)\WinRAR
O43 - CFD: 13/10/2013 - 15:09:54 - [23,515] ----D C:\Program Files (x86)\ZHPDiag =>.Nicolas Coolman
O43 - CFD: 18/08/2013 - 10:03:30 - [0,341] ----D C:\Program Files (x86)\ZIP PASSWORD FINDER
O43 - CFD: 26/10/2012 - 17:01:02 - [346,535] ----D C:\Program Files (x86)\Common Files\Adobe
O43 - CFD: 25/10/2012 - 12:38:53 - [40,070] ----D C:\Program Files (x86)\Common Files\Adobe AIR
O43 - CFD: 07/06/2012 - 12:54:30 - [2,723] ----D C:\Program Files (x86)\Common Files\ATI Technologies
O43 - CFD: 28/05/2013 - 05:21:54 - [0,095] ----D C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD: 30/03/2013 - 18:46:56 - [0] ----D C:\Program Files (x86)\Common Files\eSellerate
O43 - CFD: 10/10/2012 - 09:58:22 - [2,009] ----D C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 31/08/2013 - 22:28:28 - [1,189] ----D C:\Program Files (x86)\Common Files\Java
O43 - CFD: 27/07/2013 - 18:35:46 - [210,947] ----D C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 14/07/2009 - 03:20:08 - [0,003] ----D C:\Program Files (x86)\Common Files\Services
O43 - CFD: 19/04/2013 - 21:13:44 - [1,904] ----D C:\Program Files (x86)\Common Files\Skype
O43 - CFD: 14/07/2009 - 03:20:08 - [39,200] ----D C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 10/10/2013 - 17:35:54 - [0,518] ----D C:\Program Files (x86)\Common Files\Steam
O43 - CFD: 03/11/2012 - 07:34:46 - [0] ----D C:\Program Files (x86)\Common Files\Symantec Shared
O43 - CFD: 26/07/2013 - 16:40:33 - [10,311] ----D C:\Program Files (x86)\Common Files\System
O43 - CFD: 15/12/2012 - 23:16:41 - [2,504] ----D C:\Program Files (x86)\Common Files\TechSmith Shared
O43 - CFD: 17/10/2011 - 16:51:55 - [0] ----D C:\Program Files (x86)\Common Files\Windows Live
O43 - CFD: 04/07/2013 - 08:02:06 - [0] ----D C:\ProgramData\4shared Desktop
O43 - CFD: 26/10/2012 - 17:03:11 - [278,836] ----D C:\ProgramData\Adobe
O43 - CFD: 10/10/2012 - 09:42:22 - [0,002] ----D C:\ProgramData\AMD
O43 - CFD: 09/10/2012 - 15:51:34 - [21,586] ----D C:\ProgramData\Apple
O43 - CFD: 09/10/2012 - 15:51:59 - [62,017] ----D C:\ProgramData\Apple Computer
O43 - CFD: 14/07/2009 - 05:08:56 - [0] -SH-D C:\ProgramData\Application Data
O43 - CFD: 10/10/2012 - 10:01:22 - [0] ----D C:\ProgramData\ATI
O43 - CFD: 06/10/2012 - 14:20:39 - [0] -SH-D C:\ProgramData\Bureaublad
O43 - CFD: 02/02/2013 - 19:28:39 - [0] --H-D C:\ProgramData\Common Files
O43 - CFD: 08/10/2012 - 15:06:50 - [0] ----D C:\ProgramData\DAEMON Tools Lite =>.DT Soft Ltd
O43 - CFD: 14/07/2009 - 05:08:56 - [0] -SH-D C:\ProgramData\Desktop
O43 - CFD: 06/10/2012 - 14:20:39 - [0] -SH-D C:\ProgramData\Documenten
O43 - CFD: 14/07/2009 - 05:08:56 - [0] -SH-D C:\ProgramData\Documents
O43 - CFD: 30/03/2013 - 18:46:56 - [0,266] ----D C:\ProgramData\eSellerate
O43 - CFD: 06/10/2012 - 14:20:39 - [0] -SH-D C:\ProgramData\Favorieten
O43 - CFD: 14/07/2009 - 05:08:56 - [0] -SH-D C:\ProgramData\Favorites
O43 - CFD: 07/06/2012 - 13:20:47 - [51,854] ----D C:\ProgramData\Hewlett-Packard
O43 - CFD: 03/07/2013 - 17:49:33 - [0] ----D C:\ProgramData\IDM
O43 - CFD: 12/01/2013 - 10:17:55 - [1,251] ----D C:\ProgramData\ma-config.com
O43 - CFD: 12/10/2013 - 16:53:27 - [6,327] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 06/10/2012 - 14:20:39 - [0] -SH-D C:\ProgramData\Menu Start
O43 - CFD: 02/02/2013 - 22:03:10 - [308,707] ----D C:\ProgramData\MFAData
O43 - CFD: 08/10/2013 - 06:24:10 - [-840,789] -S--D C:\ProgramData\Microsoft
O43 - CFD: 11/10/2013 - 03:03:24 - [0,062] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 08/10/2012 - 18:04:27 - [0] ----D C:\ProgramData\Mozilla
O43 - CFD: 23/05/2013 - 14:12:05 - [628,844] ----D C:\ProgramData\MySQL
O43 - CFD: 30/01/2013 - 09:42:43 - [5,041] ----D C:\ProgramData\Nexon
O43 - CFD: 18/01/2013 - 14:20:51 - [0,039] ----D C:\ProgramData\Norton
O43 - CFD: 07/06/2012 - 13:04:23 - [31,354] ----D C:\ProgramData\NortonInstaller
O43 - CFD: 07/06/2012 - 12:49:33 - [4,337] ----D C:\ProgramData\Ralink Driver
O43 - CFD: 26/10/2012 - 17:03:11 - [0,002] ----D C:\ProgramData\regid.1986-12.com.adobe
O43 - CFD: 08/08/2013 - 23:32:14 - [11,289] ----D C:\ProgramData\Samsung
O43 - CFD: 06/10/2012 - 14:20:39 - [0] -SH-D C:\ProgramData\Sjablonen
O43 - CFD: 06/09/2013 - 18:28:29 - [70,906] ----D C:\ProgramData\Skype
O43 - CFD: 02/07/2013 - 22:18:56 - [2,967] ----D C:\ProgramData\Sony
O43 - CFD: 14/07/2009 - 05:08:56 - [0] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 08/01/2013 - 16:40:54 - [0] ----D C:\ProgramData\Sun
O43 - CFD: 07/06/2012 - 13:18:57 - [0,002] ----D C:\ProgramData\Synaptics
O43 - CFD: 15/12/2012 - 23:16:49 - [212,661] ----D C:\ProgramData\TechSmith
O43 - CFD: 07/06/2012 - 13:10:21 - [0,086] ----D C:\ProgramData\Temp
O43 - CFD: 14/07/2009 - 05:08:56 - [0] -SH-D C:\ProgramData\Templates
O43 - CFD: 14/10/2012 - 10:51:02 - [0] ----D C:\ProgramData\Ubisoft
O43 - CFD: 08/06/2013 - 03:27:03 - [252,434] ----D C:\ProgramData\VirtualizedApplications
O43 - CFD: 07/10/2012 - 22:48:15 - [0,967] ----D C:\ProgramData\WildTangent
O43 - CFD: 26/03/2013 - 06:25:52 - [0] ----D C:\ProgramData\YoGen
O43 - CFD: 09/10/2012 - 13:33:04 - [4,870] --H-D C:\ProgramData\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
O43 - CFD: 17/10/2011 - 17:06:33 - [45,653] ----D C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
O43 - CFD: 05/08/2013 - 20:26:22 - [530,094] ----D C:\Users\bertrand\AppData\Roaming\Adobe
O43 - CFD: 02/11/2012 - 23:17:28 - [0,601] ----D C:\Users\bertrand\AppData\Roaming\Apple Computer
O43 - CFD: 06/10/2012 - 14:29:09 - [0] ----D C:\Users\bertrand\AppData\Roaming\ATI
O43 - CFD: 09/09/2013 - 19:06:50 - [0,031] ----D C:\Users\bertrand\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
O43 - CFD: 18/09/2013 - 15:39:17 - [0,024] ----D C:\Users\bertrand\AppData\Roaming\codeblocks
O43 - CFD: 25/10/2012 - 12:39:00 - [0,029] ----D C:\Users\bertrand\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
O43 - CFD: 20/12/2012 - 07:57:57 - [0,001] ----D C:\Users\bertrand\AppData\Roaming\CrystalIdea Software
O43 - CFD: 21/01/2013 - 16:17:41 - [0] ----D C:\Users\bertrand\AppData\Roaming\CyberLink
O43 - CFD: 27/07/2013 - 18:24:57 - [0] ----D C:\Users\bertrand\AppData\Roaming\DAEMON Tools Lite =>.DT Soft Ltd
O43 - CFD: 06/07/2013 - 14:26:58 - [0] ----D C:\Users\bertrand\AppData\Roaming\DAEMON Tools Pro
O43 - CFD: 16/10/2012 - 23:52:55 - [11,538] ----D C:\Users\bertrand\AppData\Roaming\Dev-Cpp
O43 - CFD: 12/10/2013 - 19:54:10 - [0,020] ----D C:\Users\bertrand\AppData\Roaming\DMCache
O43 - CFD: 30/01/2013 - 06:49:08 - [0] ----D C:\Users\bertrand\AppData\Roaming\DragonicaECB
O43 - CFD: 28/06/2013 - 20:17:00 - [0] ----D C:\Users\bertrand\AppData\Roaming\dvdcss
O43 - CFD: 07/01/2013 - 15:15:58 - [0,068] ----D C:\Users\bertrand\AppData\Roaming\FK_Monitor
O43 - CFD: 06/02/2013 - 17:14:26 - [0] ----D C:\Users\bertrand\AppData\Roaming\gtk-2.0
O43 - CFD: 08/10/2012 - 19:13:08 - [0,002] ----D C:\Users\bertrand\AppData\Roaming\Hewlett-Packard
O43 - CFD: 08/10/2012 - 05:56:01 - [0,080] ----D C:\Users\bertrand\AppData\Roaming\hpqlog
O43 - CFD: 06/10/2012 - 14:27:18 - [0] ----D C:\Users\bertrand\AppData\Roaming\Identities
O43 - CFD: 13/10/2013 - 11:03:21 - [15,304] ----D C:\Users\bertrand\AppData\Roaming\IDM
O43 - CFD: 14/10/2012 - 10:39:46 - [0,343] ----D C:\Users\bertrand\AppData\Roaming\Macromedia
O43 - CFD: 12/10/2013 - 16:59:16 - [104,042] ----D C:\Users\bertrand\AppData\Roaming\Malwarebytes
O43 - CFD: 07/06/2012 - 22:37:42 - [0] ----D C:\Users\bertrand\AppData\Roaming\Media Center Programs
O43 - CFD: 08/10/2013 - 06:23:23 - [16,753] -S--D C:\Users\bertrand\AppData\Roaming\Microsoft
O43 - CFD: 13/10/2013 - 11:32:40 - [0,578] ----D C:\Users\bertrand\AppData\Roaming\Mipony
O43 - CFD: 26/06/2013 - 08:02:51 - [24,015] ----D C:\Users\bertrand\AppData\Roaming\Mozilla
O43 - CFD: 23/05/2013 - 11:40:06 - [0,002] ----D C:\Users\bertrand\AppData\Roaming\MySQL
O43 - CFD: 07/02/2013 - 06:32:17 - [0] ----D C:\Users\bertrand\AppData\Roaming\NetMedia Providers
O43 - CFD: 23/10/2012 - 19:41:53 - [0] ----D C:\Users\bertrand\AppData\Roaming\Publish Providers
O43 - CFD: 06/09/2013 - 00:23:16 - [0,001] ----D C:\Users\bertrand\AppData\Roaming\Python-Eggs
O43 - CFD: 08/08/2013 - 23:33:33 - [0,348] ----D C:\Users\bertrand\AppData\Roaming\Samsung
O43 - CFD: 09/10/2013 - 07:10:54 - [0] ----D C:\Users\bertrand\AppData\Roaming\Skype
O43 - CFD: 26/07/2013 - 16:57:02 - [1,221] ----D C:\Users\bertrand\AppData\Roaming\SoftGrid Client
O43 - CFD: 02/07/2013 - 22:18:08 - [1,652] ----D C:\Users\bertrand\AppData\Roaming\Sony
O43 - CFD: 31/01/2013 - 14:54:31 - [0] ----D C:\Users\bertrand\AppData\Roaming\Sony Creative Software Inc
O43 - CFD: 06/10/2012 - 14:28:12 - [0] ----D C:\Users\bertrand\AppData\Roaming\Synaptics
O43 - CFD: 20/05/2013 - 11:57:08 - [1,175] ----D C:\Users\bertrand\AppData\Roaming\TeamViewer
O43 - CFD: 28/05/2013 - 05:22:53 - [0] ----D C:\Users\bertrand\AppData\Roaming\TP
O43 - CFD: 06/02/2013 - 19:54:00 - [0,376] ----D C:\Users\bertrand\AppData\Roaming\TS3Client
O43 - CFD: 02/02/2013 - 19:57:44 - [0] ----D C:\Users\bertrand\AppData\Roaming\TuneUp Software
O43 - CFD: 06/10/2013 - 23:28:01 - [13,621] ----D C:\Users\bertrand\AppData\Roaming\uTorrent =>P2P.µTorrent
O43 - CFD: 21/07/2013 - 22:16:12 - [3,403] ----D C:\Users\bertrand\AppData\Roaming\uTorrent Turbo Booster =>P2P.µTorrent
O43 - CFD: 13/10/2013 - 13:50:08 - [0,081] ----D C:\Users\bertrand\AppData\Roaming\vlc
O43 - CFD: 27/12/2012 - 06:59:52 - [77,106] ----D C:\Users\bertrand\AppData\Roaming\Wargaming.net
O43 - CFD: 07/10/2012 - 22:48:15 - [0] ----D C:\Users\bertrand\AppData\Roaming\WildTangent
O43 - CFD: 30/12/2012 - 06:10:07 - [0] ----D C:\Users\bertrand\AppData\Roaming\Windows Live Writer
O43 - CFD: 08/10/2012 - 17:44:43 - [0] ----D C:\Users\bertrand\AppData\Roaming\WinRAR
O43 - CFD: 13/10/2013 - 15:12:18 - [0,329] ----D C:\Users\bertrand\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 07/10/2012 - 20:05:05 - [0,003] ----D C:\Users\bertrand\AppData\Roaming\_MDLogs
O43 - CFD: 09/10/2013 - 16:26:31 - [17,162] ----D C:\Users\bertrand\AppData\Local\Adobe
O43 - CFD: 06/10/2012 - 14:29:27 - [0] ----D C:\Users\bertrand\AppData\Local\AMD
O43 - CFD: 09/10/2012 - 15:51:39 - [0] ----D C:\Users\bertrand\AppData\Local\Apple
O43 - CFD: 26/10/2012 - 17:58:46 - [120,131] ----D C:\Users\bertrand\AppData\Local\Apple Computer
O43 - CFD: 06/10/2012 - 14:20:55 - [0] -SH-D C:\Users\bertrand\AppData\Local\Application Data
O43 - CFD: 08/10/2012 - 17:46:26 - [1,487] ----D C:\Users\bertrand\AppData\Local\Apps
O43 - CFD: 06/10/2012 - 14:29:09 - [0,059] ----D C:\Users\bertrand\AppData\Local\ATI
O43 - CFD: 02/02/2013 - 19:28:39 - [0,001] ----D C:\Users\bertrand\AppData\Local\Avg2013
O43 - CFD: 10/10/2013 - 22:34:20 - [35,233] ----D C:\Users\bertrand\AppData\Local\CrashDumps
O43 - CFD: 21/01/2013 - 16:17:39 - [0,005] ----D C:\Users\bertrand\AppData\Local\CyberLink
O43 - CFD: 21/09/2013 - 17:32:59 - [0,001] ----D C:\Users\bertrand\AppData\Local\Darksiders2
O43 - CFD: 08/10/2012 - 17:47:44 - [0] ----D C:\Users\bertrand\AppData\Local\Deployment
O43 - CFD: 08/08/2013 - 23:15:53 - [66,525] ----D C:\Users\bertrand\AppData\Local\Downloaded Installations
O43 - CFD: 10/10/2012 - 20:54:21 - [0,001] ----D C:\Users\bertrand\AppData\Local\Dragonshorn_Studios
O43 - CFD: 09/07/2013 - 15:14:15 - [0] ----D C:\Users\bertrand\AppData\Local\ElevatedDiagnostics
O43 - CFD: 09/12/2012 - 02:44:16 - [7,416] ----D C:\Users\bertrand\AppData\Local\Facebook
O43 - CFD: 26/06/2013 - 08:54:44 - [178,706] ----D C:\Users\bertrand\AppData\Local\Google
O43 - CFD: 06/10/2012 - 14:23:47 - [0,384] ----D C:\Users\bertrand\AppData\Local\Hewlett-Packard
O43 - CFD: 08/10/2012 - 19:13:07 - [0,003] ----D C:\Users\bertrand\AppData\Local\Hewlett-Packard_Company
O43 - CFD: 06/10/2012 - 14:20:55 - [0] -SH-D C:\Users\bertrand\AppData\Local\History
O43 - CFD: 26/10/2012 - 21:12:16 - [0] ----D C:\Users\bertrand\AppData\Local\Macromedia
O43 - CFD: 25/01/2013 - 13:04:21 - [0] ----D C:\Users\bertrand\AppData\Local\MediaGet2 =>PUP.MediaGet
O43 - CFD: 02/02/2013 - 19:28:39 - [9,843] ----D C:\Users\bertrand\AppData\Local\MFAData
O43 - CFD: 07/08/2013 - 19:45:41 - [328,703] ----D C:\Users\bertrand\AppData\Local\Microsoft
O43 - CFD: 25/06/2013 - 05:04:56 - [0,660] ----D C:\Users\bertrand\AppData\Local\Microsoft Games
O43 - CFD: 26/07/2013 - 16:39:49 - [0] ----D C:\Users\bertrand\AppData\Local\Microsoft Help
O43 - CFD: 01/10/2013 - 14:20:49 - [186,173] ----D C:\Users\bertrand\AppData\Local\Mozilla
O43 - CFD: 01/07/2013 - 18:13:27 - [0] ----D C:\Users\bertrand\AppData\Local\Programs
O43 - CFD: 06/10/2012 - 14:22:36 - [0] ----D C:\Users\bertrand\AppData\Local\RemEngine
O43 - CFD: 08/08/2013 - 23:33:34 - [0,011] ----D C:\Users\bertrand\AppData\Local\Samsung
O43 - CFD: 13/10/2013 - 14:53:55 - [0] ----D C:\Users\bertrand\AppData\Local\Sidebar7
O43 - CFD: 21/09/2013 - 15:03:37 - [0,122] ----D C:\Users\bertrand\AppData\Local\SKIDROW
O43 - CFD: 28/05/2013 - 05:22:45 - [0,348] ----D C:\Users\bertrand\AppData\Local\SoftGrid Client
O43 - CFD: 07/02/2013 - 06:32:30 - [51,125] ----D C:\Users\bertrand\AppData\Local\Sony
O43 - CFD: 09/10/2012 - 23:42:16 - [0,001] ----D C:\Users\bertrand\AppData\Local\Stardock
O43 - CFD: 15/12/2012 - 23:21:00 - [0,005] ----D C:\Users\bertrand\AppData\Local\TechSmith
O43 - CFD: 13/10/2013 - 15:09:40 - [953,933] ----D C:\Users\bertrand\AppData\Local\Temp
O43 - CFD: 06/10/2012 - 14:20:55 - [0] -SH-D C:\Users\bertrand\AppData\Local\Temporary Internet Files
O43 - CFD: 10/10/2013 - 18:37:12 - [0] ----D C:\Users\bertrand\AppData\Local\VirtualStore
O43 - CFD: 30/12/2012 - 06:06:36 - [0,618] ----D C:\Users\bertrand\AppData\Local\Windows Live Writer
O43 - CFD: 03/02/2013 - 18:23:33 - [0,072] ----D C:\Users\bertrand\AppData\Local\Your Freedom
O43 - CFD: 14/07/2009 - 04:54:32 - [0,014] R---D C:\Users\bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 10/10/2013 - 07:21:01 - [0] R---D C:\Users\bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 16/10/2012 - 22:06:46 - [0] ----D C:\Users\bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
O43 - CFD: 21/10/2012 - 16:08:45 - [0] ----D C:\Users\bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks
O43 - CFD: 09/10/2012 - 14:04:11 - [0,002] ----D C:\Users\bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dragonshorn Studios
O43 - CFD: 09/10/2012 - 15:31:44 - [0,001] ----D C:\Users\bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FMW - Ultimate Reborn
O43 - CFD: 20/12/2012 - 08:43:35 - [0,004] ----D C:\Users\bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
O43 - CFD: 06/07/2013 - 14:30:06 - [0] ----D C:\Users\bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
O43 - CFD: 03/09/2013 - 15:28:24 - [0,006] ----D C:\Users\bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
O43 - CFD: 14/07/2009 - 04:49:38 - [0,001] R---D C:\Users\bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 17/09/2013 - 05:13:24 - [0] ----D C:\Users\bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
O43 - CFD: 28/08/2013 - 23:01:41 - [0,001] R---D C:\Users\bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures - Shortcut
O43 - CFD: 16/01/2013 - 11:17:15 - [0] ----D C:\Users\bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker
O43 - CFD: 12/10/2013 - 14:31:59 - [0] R---D C:\Users\bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 05/11/2012 - 20:25:50 - [0,007] ----D C:\Users\bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperCopier2
O43 - CFD: 08/10/2012 - 15:01:50 - [0,003] ----D C:\Users\bertrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
~ Program Folder: 260 Scanned in 00mn 29s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.059F00DEF82BF41E433B7ED465847726] - 09/10/2013 - 16:40:15 ---A- . (.Microsoft Corporation - ATAPI Driver Extension.) -- C:\Windows\System32\Drivers\ataport.sys [155584]
O44 - LFC:[MD5.B3CA3253009D26666F5BCB16E77D2618] - 09/10/2013 - 16:41:39 ---A- . (.Microsoft Corporation - Time Zones resource DLL.) -- C:\Windows\SysNative\tzres.dll [2048]
O44 - LFC:[MD5.B3CA3253009D26666F5BCB16E77D2618] - 09/10/2013 - 16:41:39 ---A- . (.Microsoft Corporation - Time Zones resource DLL.) -- C:\Windows\System32\tzres.dll [2048]
O44 - LFC:[MD5.67CF11E00D026A5C0C88EA5F84D501E5] - 09/10/2013 - 17:08:13 ---A- . (.Microsoft Corporation - Client Side Rendering Print Provider.) -- C:\Windows\SysNative\win32spl.dll [751104]
O44 - LFC:[MD5.67CF11E00D026A5C0C88EA5F84D501E5] - 09/10/2013 - 17:08:13 ---A- . (.Microsoft Corporation - Client Side Rendering Print Provider.) -- C:\Windows\System32\win32spl.dll [751104]
O44 - LFC:[MD5.23B001185B7C3CB1F4BDEB143E6B45B7] - 09/10/2013 - 17:09:06 ---A- . (.Microsoft Corporation - Shell Doc Object and Control Library.) -- C:\Windows\SysNative\shdocvw.dll [197120]
O44 - LFC:[MD5.23B001185B7C3CB1F4BDEB143E6B45B7] - 09/10/2013 - 17:09:06 ---A- . (.Microsoft Corporation - Shell Doc Object and Control Library.) -- C:\Windows\System32\shdocvw.dll [197120]
O44 - LFC:[MD5.AD662B34B161198B9D66A564EDDA7D43] - 09/10/2013 - 17:09:08 ---A- . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\SysNative\shell32.dll [14172672]
O44 - LFC:[MD5.AD662B34B161198B9D66A564EDDA7D43] - 09/10/2013 - 17:09:08 ---A- . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll [14172672]
O44 - LFC:[MD5.4CE278FC9671BA81A138D70823FCAA09] - 09/10/2013 - 17:17:52 ---A- . (.Microsoft Corporation - TS Security Filter Driver.) -- C:\Windows\System32\Drivers\tssecsrv.sys [39936]
O44 - LFC:[MD5.A3EC566925BEC505E2418C1AC14E541E] - 09/10/2013 - 17:19:48 ---A- . (.Microsoft Corporation - DirectShow Editing..) -- C:\Windows\SysNative\qedit.dll [624128]
O44 - LFC:[MD5.A3EC566925BEC505E2418C1AC14E541E] - 09/10/2013 - 17:19:48 ---A- . (.Microsoft Corporation - DirectShow Editing..) -- C:\Windows\System32\qedit.dll [624128]
O44 - LFC:[MD5.26036E228D2467DE6975AD819C22C043] - 09/10/2013 - 17:19:50 ---A- . (.Microsoft Corporation - Remote Procedure Call Runtime.) -- C:\Windows\SysNative\rpcrt4.dll [1217024]
O44 - LFC:[MD5.26036E228D2467DE6975AD819C22C043] - 09/10/2013 - 17:19:50 ---A- . (.Microsoft Corporation - Remote Procedure Call Runtime.) -- C:\Windows\System32\rpcrt4.dll [1217024]
O44 - LFC:[MD5.D29200AB0B37B7293C6942EAF755295E] - 09/10/2013 - 17:20:09 ---A- . (.Microsoft Corporation - Windows Media Video Decoder.) -- C:\Windows\SysNative\WMVDECOD.DLL [1888768]
O44 - LFC:[MD5.D29200AB0B37B7293C6942EAF755295E] - 09/10/2013 - 17:20:09 ---A- . (.Microsoft Corporation - Windows Media Video Decoder.) -- C:\Windows\System32\WMVDECOD.DLL [1888768]
O44 - LFC:[MD5.70A1D465390C393AA118D9764E065B06] - 09/10/2013 - 17:23:05 ---A- . (.Microsoft Corporation - ApiSet Schema DLL.) -- C:\Windows\SysNative\apisetschema.dll [6656]
O44 - LFC:[MD5.70A1D465390C393AA118D9764E065B06] - 09/10/2013 - 17:23:05 ---A- . (.Microsoft Corporation - ApiSet Schema DLL.) -- C:\Windows\System32\apisetschema.dll [6656]
O44 - LFC:[MD5.086253AE3B22C36250DC2B6F3DA12A66] - 09/10/2013 - 17:23:06 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [3072]
O44 - LFC:[MD5.658C0350AE17BE353C9702B7066552DA] - 09/10/2013 - 17:23:06 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [4096]
O44 - LFC:[MD5.086253AE3B22C36250DC2B6F3DA12A66] - 09/10/2013 - 17:23:06 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [3072]
O44 - LFC:[MD5.658C0350AE17BE353C9702B7066552DA] - 09/10/2013 - 17:23:06 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [4096]
O44 - LFC:[MD5.42CEC47D5DD2408FD697FDD3E9345EE8] - 09/10/2013 - 17:23:07 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [3072]
O44 - LFC:[MD5.3BF0E121994E56354A60F5FD34FA21A9] - 09/10/2013 - 17:23:07 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [3072]
O44 - LFC:[MD5.85CF163107174055502CB9C3F3F932C1] - 09/10/2013 - 17:23:07 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [3072]
O44 - LFC:[MD5.5A111E749D8FEB5D81344BF3E5151FF8] - 09/10/2013 - 17:23:07 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [3072]
O44 - LFC:[MD5.080F67191188D7FDA18128E20F02BFB6] - 09/10/2013 - 17:23:07 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [3072]
O44 - LFC:[MD5.7352AFE4F84DF676DB5C073A6C0F2079] - 09/10/2013 - 17:23:07 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [3072]
O44 - LFC:[MD5.1932D68DFAC61B8D948C72BBAA2298F7] - 09/10/2013 - 17:23:07 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [3584]
O44 - LFC:[MD5.DEFA7B8DE72E32975BFE510A9A070DB9] - 09/10/2013 - 17:23:07 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [3072]
O44 - LFC:[MD5.42CEC47D5DD2408FD697FDD3E9345EE8] - 09/10/2013 - 17:23:07 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [3072]
O44 - LFC:[MD5.3BF0E121994E56354A60F5FD34FA21A9] - 09/10/2013 - 17:23:07 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [3072]
O44 - LFC:[MD5.85CF163107174055502CB9C3F3F932C1] - 09/10/2013 - 17:23:07 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [3072]
O44 - LFC:[MD5.5A111E749D8FEB5D81344BF3E5151FF8] - 09/10/2013 - 17:23:07 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [3072]
O44 - LFC:[MD5.080F67191188D7FDA18128E20F02BFB6] - 09/10/2013 - 17:23:07 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [3072]
O44 - LFC:[MD5.7352AFE4F84DF676DB5C073A6C0F2079] - 09/10/2013 - 17:23:07 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [3072]
O44 - LFC:[MD5.1932D68DFAC61B8D948C72BBAA2298F7] - 09/10/2013 - 17:23:07 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [3584]
O44 - LFC:[MD5.DEFA7B8DE72E32975BFE510A9A070DB9] - 09/10/2013 - 17:23:07 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [3072]
O44 - LFC:[MD5.05E53F5007735F6A05ED7399FA83E018] - 09/10/2013 - 17:23:08 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [3072]
O44 - LFC:[MD5.458D127BFD9C1D4E222DC9C0CFA63F51] - 09/10/2013 - 17:23:08 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [3584]
O44 - LFC:[MD5.1DE1EF3E5544BE43A47475E28D37CC61] - 09/10/2013 - 17:23:08 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [4096]
O44 - LFC:[MD5.79792754A32FD8E78750ECD914DFF1A0] - 09/10/2013 - 17:23:08 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [3584]
O44 - LFC:[MD5.B6FD55B98E39E3525545EB32BF3BE4F9] - 09/10/2013 - 17:23:08 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [3584]
O44 - LFC:[MD5.9358716F7CFE70AFB4077B7606E271A4] - 09/10/2013 - 17:23:08 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [4608]
O44 - LFC:[MD5.28844333D0BDA164517CFC6AD854FD45] - 09/10/2013 - 17:23:08 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [3072]
O44 - LFC:[MD5.05E53F5007735F6A05ED7399FA83E018] - 09/10/2013 - 17:23:08 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [3072]
O44 - LFC:[MD5.458D127BFD9C1D4E222DC9C0CFA63F51] - 09/10/2013 - 17:23:08 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [3584]
O44 - LFC:[MD5.1DE1EF3E5544BE43A47475E28D37CC61] - 09/10/2013 - 17:23:08 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [4096]
O44 - LFC:[MD5.79792754A32FD8E78750ECD914DFF1A0] - 09/10/2013 - 17:23:08 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [3584]
O44 - LFC:[MD5.B6FD55B98E39E3525545EB32BF3BE4F9] - 09/10/2013 - 17:23:08 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [3584]
O44 - LFC:[MD5.9358716F7CFE70AFB4077B7606E271A4] - 09/10/2013 - 17:23:08 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [4608]
O44 - LFC:[MD5.28844333D0BDA164517CFC6AD854FD45] - 09/10/2013 - 17:23:08 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [3072]
O44 - LFC:[MD5.76FF67FECC25907F10B61344DCAFACA6] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [5120]
O44 - LFC:[MD5.2E48870DCB38A45066BD8793A9EBB382] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [3584]
O44 - LFC:[MD5.76AF1CFB8F2F34D610620748C973C1D0] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [3584]
O44 - LFC:[MD5.0385D7C4F529AEF0AB66C155B04A4371] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [3584]
O44 - LFC:[MD5.46EBE45B5F513830637747CA89997D4E] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [3072]
O44 - LFC:[MD5.3F0271A3680F01DE82CB851DA5847AE6] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [4096]
O44 - LFC:[MD5.C2393533781A21725857929A016D54D8] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [4096]
O44 - LFC:[MD5.9F4F7CA2CF6E958EFFE108F652AC1776] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [4608]
O44 - LFC:[MD5.94AF4F91BAF0C5F0961E2DE2AA913287] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [3072]
O44 - LFC:[MD5.4D0D2E999D9F2200C9E352CFA39B9312] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [3072]
O44 - LFC:[MD5.73F813661E48CC37EF789C1AE8E71114] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [6144]
O44 - LFC:[MD5.76FF67FECC25907F10B61344DCAFACA6] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [5120]
O44 - LFC:[MD5.2E48870DCB38A45066BD8793A9EBB382] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [3584]
O44 - LFC:[MD5.76AF1CFB8F2F34D610620748C973C1D0] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [3584]
O44 - LFC:[MD5.0385D7C4F529AEF0AB66C155B04A4371] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [3584]
O44 - LFC:[MD5.46EBE45B5F513830637747CA89997D4E] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [3072]
O44 - LFC:[MD5.3F0271A3680F01DE82CB851DA5847AE6] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [4096]
O44 - LFC:[MD5.C2393533781A21725857929A016D54D8] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [4096]
O44 - LFC:[MD5.9F4F7CA2CF6E958EFFE108F652AC1776] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [4608]
O44 - LFC:[MD5.94AF4F91BAF0C5F0961E2DE2AA913287] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [3072]
O44 - LFC:[MD5.4D0D2E999D9F2200C9E352CFA39B9312] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [3072]
O44 - LFC:[MD5.73F813661E48CC37EF789C1AE8E71114] - 09/10/2013 - 17:23:09 --HA- . (.Microsoft Corporation - ApiSet Stub DLL.) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [6144]
O44 - LFC:[MD5.216BABD555BC550952320EEA89C25DDF] - 09/10/2013 - 17:23:10 ---A- . (.Microsoft Corporation - Client Server Runtime Process.) -- C:\Windows\SysNative\csrsrv.dll [43520]
O44 - LFC:[MD5.216BABD555BC550952320EEA89C25DDF] - 09/10/2013 - 17:23:10 ---A- . (.Microsoft Corporation - Client Server Runtime Process.) -- C:\Windows\System32\csrsrv.dll [43520]
O44 - LFC:[MD5.BF95EA5809E3BBF55370F7CB309FEBD0] - 09/10/2013 - 17:23:10 ---A- . (.Microsoft Corporation - Console Window Host.) -- C:\Windows\SysNative\conhost.exe [338432]
O44 - LFC:[MD5.BF95EA5809E3BBF55370F7CB309FEBD0] - 09/10/2013 - 17:23:10 ---A- . (.Microsoft Corporation - Console Window Host.) -- C:\Windows\System32\conhost.exe [338432]
O44 - LFC:[MD5.88EDD0B34EED542745931E581AD21A32] - 09/10/2013 - 17:23:10 ---A- . (.Microsoft Corporation - Multi-User Windows Server DLL.) -- C:\Windows\SysNative\winsrv.dll [215040]
O44 - LFC:[MD5.88EDD0B34EED542745931E581AD21A32] - 09/10/2013 - 17:23:10 ---A- . (.Microsoft Corporation - Multi-User Windows Server DLL.) -- C:\Windows\System32\winsrv.dll [215040]
O44 - LFC:[MD5.F0970A4BC8395659C22BF53D0FADF16F] - 09/10/2013 - 17:23:10 ---A- . (.Microsoft Corporation - Windows Session Manager.) -- C:\Windows\SysNative\smss.exe [112640]
O44 - LFC:[MD5.F0970A4BC8395659C22BF53D0FADF16F] - 09/10/2013 - 17:23:10 ---A- . (.Microsoft Corporation - Windows Session Manager.) -- C:\Windows\System32\smss.exe [112640]
O44 - LFC:[MD5.D8973E71F1B35CD3F3DEA7C12D49D0F0] - 09/10/2013 - 17:23:11 ---A- . (.Microsoft Corporation - Windows NT BASE API Client DLL.) -- C:\Windows\SysNative\kernel32.dll [1161216]
O44 - LFC:[MD5.D8973E71F1B35CD3F3DEA7C12D49D0F0] - 09/10/2013 - 17:23:11 ---A- . (.Microsoft Corporation - Windows NT BASE API Client DLL.) -- C:\Windows\System32\kernel32.dll [1161216]
O44 - LFC:[MD5.B22C00ED0491FD7B8803D7DDE2849F4C] - 09/10/2013 - 17:23:12 ---A- . (.Microsoft Corporation - Windows NT BASE API Client DLL.) -- C:\Windows\SysNative\KernelBase.dll [424448]
O44 - LFC:[MD5.B22C00ED0491FD7B8803D7DDE2849F4C] - 09/10/2013 - 17:23:12 ---A- . (.Microsoft Corporation - Windows NT BASE API Client DLL.) -- C:\Windows\System32\KernelBase.dll [424448]
O44 - LFC:[MD5.A6B726DCA228F7878E38368A1BDC68BE] - 09/10/2013 - 17:24:42 ---A- . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\SysNative\cryptnet.dll [139776]
O44 - LFC:[MD5.A6B726DCA228F7878E38368A1BDC68BE] - 09/10/2013 - 17:24:42 ---A- . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll [139776]
O44 - LFC:[MD5.6B400F211BEE880A37A1ED0368776BF4] - 09/10/2013 - 17:24:42 ---A- . (.Microsoft Corporation - Cryptographic Services.) -- C:\Windows\SysNative\cryptsvc.dll [184320]
O44 - LFC:[MD5.6B400F211BEE880A37A1ED0368776BF4] - 09/10/2013 - 17:24:42 ---A- . (.Microsoft Corporation - Cryptographic Services.) -- C:\Windows\System32\cryptsvc.dll [184320]
O44 - LFC:[MD5.287998A9BA0140ABB59792CDEB2F8483] - 09/10/2013 - 17:24:43 ---A- . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\SysNative\crypt32.dll [1472512]
O44 - LFC:[MD5.287998A9BA0140ABB59792CDEB2F8483] - 09/10/2013 - 17:24:43 ---A- . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll [1472512]
O44 - LFC:[MD5.959041D7014C97133D859B45BCA0FC58] - 09/10/2013 - 17:24:43 ---A- . (.Microsoft Corporation - Microsoft Trust Verification APIs.) -- C:\Windows\SysNative\wintrust.dll [224256]
O44 - LFC:[MD5.959041D7014C97133D859B45BCA0FC58] - 09/10/2013 - 17:24:43 ---A- . (.Microsoft Corporation - Microsoft Trust Verification APIs.) -- C:\Windows\System32\wintrust.dll [224256]
O44 - LFC:[MD5.280E90CBF4B2DDD169F0728CB44D726F] - 09/10/2013 - 17:24:50 ---A- . (.Microsoft Corporation - Default Hub Driver for USB.) -- C:\Windows\System32\Drivers\usbhub.sys [343040]
O44 - LFC:[MD5.9406D801042FAF859CF81B2C886413DC] - 09/10/2013 - 17:24:50 ---A- . (.Microsoft Corporation - OHCI USB Miniport Driver.) -- C:\Windows\System32\Drivers\usbohci.sys [25600]
O44 - LFC:[MD5.A83D0EC9AE4C31704442099D40BA2471] - 09/10/2013 - 17:24:50 ---A- . (.Microsoft Corporation - UHCI USB Miniport Driver.) -- C:\Windows\System32\Drivers\usbuhci.sys [30720]
O44 - LFC:[MD5.311C1DD1088E55BEAE15954D17F50646] - 09/10/2013 - 17:24:51 ---A- . (.Microsoft Corporation - EHCI eUSB Miniport Driver.) -- C:\Windows\System32\Drivers\usbehci.sys [52736]
O44 - LFC:[MD5.E73A7A04FDAC9DD46EE2A4257F09E91C] - 09/10/2013 - 17:24:51 ---A- . (.Microsoft Corporation - USB 1.1 & 2.0 Port Driver.) -- C:\Windows\System32\Drivers\usbport.sys [325120]
O44 - LFC:[MD5.ACCEA6BC68D0C9A78EB97EE159028B4E] - 09/10/2013 - 17:24:51 ---A- . (.Microsoft Corporation - USB Common Class Generic Parent Driver.) -- C:\Windows\System32\Drivers\usbccgp.sys [99840]
O44 - LFC:[MD5.861C197502A5057E68F0AC75D9EFCDD7] - 09/10/2013 - 17:24:51 ---A- . (.Microsoft Corporation - Universal Serial Bus Driver.) -- C:\Windows\System32\Drivers\usbd.sys [7808]
O44 - LFC:[MD5.56661BB55AE4633677F846FFCD080ECA] - 09/10/2013 - 17:24:58 ---A- . (.Microsoft Corporation - Update Package Cleanup.) -- C:\Windows\SysNative\scavengeui.dll [461312]
O44 - LFC:[MD5.56661BB55AE4633677F846FFCD080ECA] - 09/10/2013 - 17:24:58 ---A- . (.Microsoft Corporation - Update Package Cleanup.) -- C:\Windows\System32\scavengeui.dll [461312]
O44 - LFC:[MD5.53BD875C7C0808235BFB803C1A8BE009] - 09/10/2013 - 17:24:59 ---A- . (.Microsoft Corporation - DirectX Graphics Kernel.) -- C:\Windows\System32\Drivers\dxgkrnl.sys [984512]
O44 - LFC:[MD5.E6DE47E2B2E36018E071D4E44AEBBFAC] - 09/10/2013 - 17:24:59 ---A- . (.Microsoft Corporation - DirectX Graphics MMS.) -- C:\Windows\System32\Drivers\dxgmms1.sys [265152]
O44 - LFC:[MD5.79BEC88D21DB3611C2A0B453D4846A8E] - 09/10/2013 - 17:25:05 ---A- . (.Microsoft Corporation - Microsoft DirectX Typography Services.) -- C:\Windows\SysNative\DWrite.dll [1545728]
O44 - LFC:[MD5.79BEC88D21DB3611C2A0B453D4846A8E] - 09/10/2013 - 17:25:05 ---A- . (.Microsoft Corporation - Microsoft DirectX Typography Services.) -- C:\Windows\System32\DWrite.dll [1545728]
O44 - LFC:[MD5.76C196B109E4BFA50132EF50AF6A1C1B] - 09/10/2013 - 17:25:05 ---A- . (.Microsoft Corporation - Windows Font Cache Service.) -- C:\Windows\SysNative\FntCache.dll [1143296]
O44 - LFC:[MD5.76C196B109E4BFA50132EF50AF6A1C1B] - 09/10/2013 - 17:25:05 ---A- . (.Microsoft Corporation - Windows Font Cache Service.) -- C:\Windows\System32\FntCache.dll [1143296]
O44 - LFC:[MD5.764DF431D13537A575752009E7740F18] - 09/10/2013 - 17:25:06 ---A- . (.Microsoft Corporation - WinFX OpenType/CFF Rasterizer.) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll [124112]
O44 - LFC:[MD5.764DF431D13537A575752009E7740F18] - 09/10/2013 - 17:25:06 ---A- . (.Microsoft Corporation - WinFX OpenType/CFF Rasterizer.) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll [124112]
O44 - LFC:[MD5.C06FAAF13E37CE482F612AFF2D2331F3] - 09/10/2013 - 17:25:36 ---A- . (.Microsoft Corporation - Microsoft Common Certificate Dialogs.) -- C:\Windows\SysNative\cryptdlg.dll [30720]
O44 - LFC:[MD5.C06FAAF13E37CE482F612AFF2D2331F3] - 09/10/2013 - 17:25:36 ---A- . (.Microsoft Corporation - Microsoft Common Certificate Dialogs.) -- C:\Windows\System32\cryptdlg.dll [30720]
O44 - LFC:[MD5.19320B121BFE7462EADD50A42C81AFD0] - 09/10/2013 - 17:37:56 ---A- . (.Microsoft Corporation - Multi-User Win32 Driver.) -- C:\Windows\SysNative\win32k.sys [3155968]
O44 - LFC:[MD5.19320B121BFE7462EADD50A42C81AFD0] - 09/10/2013 - 17:37:56 ---A- . (.Microsoft Corporation - Multi-User Win32 Driver.) -- C:\Windows\System32\win32k.sys [3155968]
O44 - LFC:[MD5.B32AB94A432289AC2DF77A3DCAD32EED] - 09/10/2013 - 17:38:21 ---A- . (.Microsoft Corporation - Web DAV Client DLL.) -- C:\Windows\SysNative\davclnt.dll [102400]
O44 - LFC:[MD5.B32AB94A432289AC2DF77A3DCAD32EED] - 09/10/2013 - 17:38:21 ---A- . (.Microsoft Corporation - Web DAV Client DLL.) -- C:\Windows\System32\davclnt.dll [102400]
O44 - LFC:[MD5.1A4F75E63C9FB84B85DFFC6B63FD5404] - 09/10/2013 - 17:38:21 ---A- . (.Microsoft Corporation - Windows NT WebDav Minirdr.) -- C:\Windows\System32\Drivers\mrxdav.sys [140800]
O44 - LFC:[MD5.0EB0E5D22B1760F2DBCE632F2DD7A54D] - 09/10/2013 - 17:38:22 ---A- . (.Microsoft Corporation - Web DAV Service DLL.) -- C:\Windows\SysNative\WebClnt.dll [259584]
O44 - LFC:[MD5.0EB0E5D22B1760F2DBCE632F2DD7A54D] - 09/10/2013 - 17:38:22 ---A- . (.Microsoft Corporation - Web DAV Service DLL.) -- C:\Windows\System32\WebClnt.dll [259584]
O44 - LFC:[MD5.80B0F7D5CCF86CEB5D402EAAF61FEC31] - 09/10/2013 - 17:42:47 ---A- . (.Microsoft Corporation - USB Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\usbcir.sys [100864]
O44 - LFC:[MD5.1F775DA4CF1A3A1834207E975A72E9D7] - 09/10/2013 - 17:42:47 ---A- . (.Microsoft Corporation - USB Video Class Driver.) -- C:\Windows\System32\Drivers\usbvideo.sys [185344]
O44 - LFC:[MD5.E2C933EDBC389386EBE6D2BA953F43D8] - 09/10/2013 - 17:43:23 ---A- . (.Microsoft Corporation - Kernel Mode Driver Framework Runtime.) -- C:\Windows\System32\Drivers\Wdf01000.sys [785624]
O44 - LFC:[MD5.9028D1621C43DF8DFBD1C76860412A11] - 09/10/2013 - 17:48:51 ---A- . (.Microsoft Corporation - User Experience Controls Library.) -- C:\Windows\SysNative\comctl32.dll [633856]
O44 - LFC:[MD5.9028D1621C43DF8DFBD1C76860412A11] - 09/10/2013 - 17:48:51 ---A- . (.Microsoft Corporation - User Experience Controls Library.) -- C:\Windows\System32\comctl32.dll [633856]
O44 - LFC:[MD5.2A66E81AE941E54A237490FC35D387C8] - 10/10/2013 - 04:54:30 ---A- . (...) -- C:\Windows\epplauncher.mif [1945]
O44 - LFC:[MD5.F210546A7E54361B4E26B07A1959DBD1] - 10/10/2013 - 06:19:06 ---A- . (.Microsoft Corporation - Internet Browser.) -- C:\Windows\SysNative\ieframe.dll [10926080]
O44 - LFC:[MD5.F210546A7E54361B4E26B07A1959DBD1] - 10/10/2013 - 06:19:06 ---A- . (.Microsoft Corporation - Internet Browser.) -- C:\Windows\System32\ieframe.dll [10926080]
O44 - LFC:[MD5.88664D38A94CDBD372ABB617E2928C37] - 10/10/2013 - 06:19:15 ---A- . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysNative\mshtml.dll [17833984]
O44 - LFC:[MD5.88664D38A94CDBD372ABB617E2928C37] - 10/10/2013 - 06:19:15 ---A- . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll [17833984]
O44 - LFC:[MD5.BA4EAF171692FEC3F22DC8ED588C125E] - 10/10/2013 - 06:19:25 ---A- . (.Microsoft Corporation - Microsoft ® JScript.) -- C:\Windows\SysNative\jscript.dll [816640]
O44 - LFC:[MD5.BA4EAF171692FEC3F22DC8ED588C125E] - 10/10/2013 - 06:19:25 ---A- . (.Microsoft Corporation - Microsoft ® JScript.) -- C:\Windows\System32\jscript.dll [816640]
O44 - LFC:[MD5.FB20289B5331AE4D36EB39F3762C6527] - 10/10/2013 - 06:19:25 ---A- . (.Microsoft Corporation - Microsoft ® VBScript.) -- C:\Windows\SysNative\vbscript.dll [599040]
O44 - LFC:[MD5.FB20289B5331AE4D36EB39F3762C6527] - 10/10/2013 - 06:19:25 ---A- . (.Microsoft Corporation - Microsoft ® VBScript.) -- C:\Windows\System32\vbscript.dll [599040]
O44 - LFC:[MD5.224FF6EA2D15F6D808AE25D869DED005] - 10/10/2013 - 06:19:27 ---A- . (.Microsoft Corporation - Run time utility for Internet Explorer.) -- C:\Windows\SysNative\iertutil.dll [2147840]
O44 - LFC:[MD5.224FF6EA2D15F6D808AE25D869DED005] - 10/10/2013 - 06:19:27 ---A- . (.Microsoft Corporation - Run time utility for Internet Explorer.) -- C:\Windows\System32\iertutil.dll [2147840]
O44 - LFC:[MD5.26FCE63F15EADEFCB0E1D37A6CD6939B] - 10/10/2013 - 06:19:28 ---A- . (.Microsoft Corporation - Internet Control Panel.) -- C:\Windows\SysNative\inetcpl.cpl [1494528]
O44 - LFC:[MD5.26FCE63F15EADEFCB0E1D37A6CD6939B] - 10/10/2013 - 06:19:28 ---A- . (.Microsoft Corporation - Internet Control Panel.) -- C:\Windows\System32\inetcpl.cpl [1494528]
O44 - LFC:[MD5.F45A1C24BC50B41659F6318C4F7C4533] - 10/10/2013 - 06:19:28 ---A- . (.Microsoft Corporation - Microsoft ® JScript.) -- C:\Windows\SysNative\jscript9.dll [2312704]
O44 - LFC:[MD5.F45A1C24BC50B41659F6318C4F7C4533] - 10/10/2013 - 06:19:28 ---A- . (.Microsoft Corporation - Microsoft ® JScript.) -- C:\Windows\System32\jscript9.dll [2312704]
O44 - LFC:[MD5.83A99C79BA5980FB187CCE825C5AECDE] - 10/10/2013 - 06:19:30 ---A- . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysNative\urlmon.dll [1346560]
O44 - LFC:[MD5.83A99C79BA5980FB187CCE825C5AECDE] - 10/10/2013 - 06:19:30 ---A- . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll [1346560]
O44 - LFC:[MD5.7C9B58CEF5954116B8C79E845F866C2B] - 10/10/2013 - 06:19:31 ---A- . (...) -- C:\AdwCleaner[R6].txt [1880]
O44 - LFC:[MD5.A9B0F7A6C9839F931829CD0FF34D82F8] - 10/10/2013 - 06:19:32 ---A- . (.Microsoft Corporation - JScript Proxy Auto-Configuration.) -- C:\Windows\SysNative\jsproxy.dll [85504]
O44 - LFC:[MD5.A9B0F7A6C9839F931829CD0FF34D82F8] - 10/10/2013 - 06:19:32 ---A- . (.Microsoft Corporation - JScript Proxy Auto-Configuration.) -- C:\Windows\System32\jsproxy.dll [85504]
O44 - LFC:[MD5.61DB16986A5561DE7929C1BEE64BFF11] - 10/10/2013 - 06:19:33 ---A- . (.Microsoft Corporation - Microsoft Feeds Manager.) -- C:\Windows\SysNative\msfeeds.dll [729088]
O44 - LFC:[MD5.61DB16986A5561DE7929C1BEE64BFF11] - 10/10/2013 - 06:19:33 ---A- . (.Microsoft Corporation - Microsoft Feeds Manager.) -- C:\Windows\System32\msfeeds.dll [729088]
O44 - LFC:[MD5.6431F1042CEE8BD0197200EDCDF10B4F] - 10/10/2013 - 06:19:34 ---A- . (.Microsoft Corporation - Internet Shortcut Shell Extension DLL.) -- C:\Windows\SysNative\url.dll [237056]
O44 - LFC:[MD5.6431F1042CEE8BD0197200EDCDF10B4F] - 10/10/2013 - 06:19:34 ---A- . (.Microsoft Corporation - Internet Shortcut Shell Extension DLL.) -- C:\Windows\System32\url.dll [237056]
O44 - LFC:[MD5.3CD6F07E6416ED6E18A1965CD2B9144A] - 10/10/2013 - 06:19:35 ---A- . (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\Windows\SysNative\wininet.dll [1392128]
O44 - LFC:[MD5.3CD6F07E6416ED6E18A1965CD2B9144A] - 10/10/2013 - 06:19:35 ---A- . (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\Windows\System32\wininet.dll [1392128]
O44 - LFC:[MD5.B73439C148710919E18321C487E4C885] - 10/10/2013 - 06:19:38 ---A- . (.Microsoft Corporation - IE 7.0 Unattended Install Utility.) -- C:\Windows\SysNative\ieUnatt.exe [173056]
O44 - LFC:[MD5.B73439C148710919E18321C487E4C885] - 10/10/2013 - 06:19:38 ---A- . (.Microsoft Corporation - IE 7.0 Unattended Install Utility.) -- C:\Windows\System32\ieUnatt.exe [173056]
O44 - LFC:[MD5.67926CE246B1C4080AD8DE7626965059] - 10/10/2013 - 06:19:38 ---A- . (.Microsoft Corporation - Internet Explorer UI Engine.) -- C:\Windows\SysNative\ieui.dll [248320]
O44 - LFC:[MD5.67926CE246B1C4080AD8DE7626965059] - 10/10/2013 - 06:19:38 ---A- . (.Microsoft Corporation - Internet Explorer UI Engine.) -- C:\Windows\System32\ieui.dll [248320]
O44 - LFC:[MD5.4CC24784CB8D1BD9DBB35E4C055BD052] - 10/10/2013 - 06:19:44 ---A- . (.Microsoft Corporation - Microsoft® HTML Editing Component.) -- C:\Windows\SysNative\mshtmled.dll [96768]
O44 - LFC:[MD5.4CC24784CB8D1BD9DBB35E4C055BD052] - 10/10/2013 - 06:19:44 ---A- . (.Microsoft Corporation - Microsoft® HTML Editing Component.) -- C:\Windows\System32\mshtmled.dll [96768]
O44 - LFC:[MD5.D4372C2CFEF849676ECE9747EEE92A32] - 10/10/2013 - 06:19:45 ---A- . (.Microsoft Corporation - Microsoft® MSHTML Typelib.) -- C:\Windows\SysNative\mshtml.tlb [2382848]
O44 - LFC:[MD5.D4372C2CFEF849676ECE9747EEE92A32] - 10/10/2013 - 06:19:45 ---A- . (.Microsoft Corporation - Microsoft® MSHTML Typelib.) -- C:\Windows\System32\mshtml.tlb [2382848]
O44 - LFC:[MD5.CF9171B6B1D07A63FA7CABCB26ABF408] - 10/10/2013 - 06:19:52 ---A- . (...) -- C:\AdwCleaner[S5].txt [1376]
O44 - LFC:[MD5.18B86AAB354CB0C4EFE9533898707CB5] - 10/10/2013 - 06:30:09 ---A- . (...) -- C:\AdwCleaner[R7].txt [1829]
O44 - LFC:[MD5.79687FB0CD25FAAA15E97101A2903421] - 10/10/2013 - 06:31:03 ---A- . (...) -- C:\AdwCleaner[S6].txt [2064]
O44 - LFC:[MD5.E3A8B7CD746D5C5A9B2E7F9B98278942] - 10/10/2013 - 06:55:50 ---A- . (...) -- C:\Windows\win.ini [532]
O44 - LFC:[MD5.597C3699384E53CC59587ED50CCE5CA2] - 10/10/2013 - 09:10:38 ---A- . (.Microsoft Corporation - Hid Class Library.) -- C:\Windows\System32\Drivers\hidclass.sys [76800]
O44 - LFC:[MD5.856E76B3641746ABBC2946BED1372098] - 10/10/2013 - 09:10:38 ---A- . (.Microsoft Corporation - Hid Parsing Library.) -- C:\Windows\System32\Drivers\hidparse.sys [32896]
O44 - LFC:[MD5.70833F5A59F65908698093889C34BCA2] - 10/10/2013 - 17:33:57 ---A- . (.Microsoft Corporation - Win32 Emulation on NT64.) -- C:\Windows\SysNative\wow64.dll [243712]
O44 - LFC:[MD5.70833F5A59F65908698093889C34BCA2] - 10/10/2013 - 17:33:57 ---A- . (.Microsoft Corporation - Win32 Emulation on NT64.) -- C:\Windows\System32\wow64.dll [243712]
O44 - LFC:[MD5.A3FCC4F97551087D65F8FEE879FEF736] - 10/10/2013 - 17:33:58 ---A- . (.Microsoft Corporation - Event Trace Helper Library.) -- C:\Windows\SysNative\tdh.dll [859648]
O44 - LFC:[MD5.A3FCC4F97551087D65F8FEE879FEF736] - 10/10/2013 - 17:33:58 ---A- . (.Microsoft Corporation - Event Trace Helper Library.) -- C:\Windows\System32\tdh.dll [859648]
O44 - LFC:[MD5.CAAAC014C5C56A69F710B5F1B836DE22] - 10/10/2013 - 17:33:58 ---A- . (.Microsoft Corporation - NT Layer DLL.) -- C:\Windows\SysNative\ntdll.dll [1732032]
O44 - LFC:[MD5.CAAAC014C5C56A69F710B5F1B836DE22] - 10/10/2013 - 17:33:58 ---A- . (.Microsoft Corporation - NT Layer DLL.) -- C:\Windows\System32\ntdll.dll [1732032]
O44 - LFC:[MD5.63A580C88CFAF72A92550940054569EF] - 10/10/2013 - 17:33:59 ---A- . (.Microsoft Corporation - Advanced Windows 32 Base API.) -- C:\Windows\SysNative\advapi32.dll [878080]
O44 - LFC:[MD5.63A580C88CFAF72A92550940054569EF] - 10/10/2013 - 17:33:59 ---A- . (.Microsoft Corporation - Advanced Windows 32 Base API.) -- C:\Windows\System32\advapi32.dll [878080]
O44 - LFC:[MD5.5B9A6A310326D9C438F2C19FBBE97C97] - 10/10/2013 - 17:34:01 ---A- . (.Microsoft Corporation - NT Kernel & System.) -- C:\Windows\SysNative\ntoskrnl.exe [5549504]
O44 - LFC:[MD5.5B9A6A310326D9C438F2C19FBBE97C97] - 10/10/2013 - 17:34:01 ---A- . (.Microsoft Corporation - NT Kernel & System.) -- C:\Windows\System32\ntoskrnl.exe [5549504]
O44 - LFC:[MD5.142671F462619CB64BA74F5B70136CB4] - 10/10/2013 - 18:50:30 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\SysNative\atmlib.dll [46080]
O44 - LFC:[MD5.142671F462619CB64BA74F5B70136CB4] - 10/10/2013 - 18:50:30 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\System32\atmlib.dll [46080]
O44 - LFC:[MD5.D6BAE9B4B210D71CDDADC224CEFCDB5F] - 10/10/2013 - 18:50:30 ---A- . (.Microsoft Corporation - Font Subsetting DLL.) -- C:\Windows\SysNative\fontsub.dll [100864]
O44 - LFC:[MD5.D6BAE9B4B210D71CDDADC224CEFCDB5F] - 10/10/2013 - 18:50:30 ---A- . (.Microsoft Corporation - Font Subsetting DLL.) -- C:\Windows\System32\fontsub.dll [100864]
O44 - LFC:[MD5.E1BB958681BE311E7CFF06CFEC5F1F2B] - 10/10/2013 - 18:50:31 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\SysNative\atmfd.dll [368128]
O44 - LFC:[MD5.E1BB958681BE311E7CFF06CFEC5F1F2B] - 10/10/2013 - 18:50:31 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\System32\atmfd.dll [368128]
O44 - LFC:[MD5.A5ED9421B8D09ED4F57CDA386307713E] - 10/10/2013 - 18:50:31 ---A- . (.Microsoft Corporation - DCI Manager.) -- C:\Windows\SysNative\dciman32.dll [14336]
O44 - LFC:[MD5.A5ED9421B8D09ED4F57CDA386307713E] - 10/10/2013 - 18:50:31 ---A- . (.Microsoft Corporation - DCI Manager.) -- C:\Windows\System32\dciman32.dll [14336]
O44 - LFC:[MD5.796B47A4B82EF1C39F13435B88834C48] - 10/10/2013 - 18:50:31 ---A- . (.Microsoft Corporation - Language Pack.) -- C:\Windows\SysNative\lpk.dll [41472]
O44 - LFC:[MD5.796B47A4B82EF1C39F13435B88834C48] - 10/10/2013 - 18:50:31 ---A- . (.Microsoft Corporation - Language Pack.) -- C:\Windows\System32\lpk.dll [41472]
O44 - LFC:[MD5.189B0BAE1B0EDD51CEF1CD3F4CDEE02E] - 10/10/2013 - 21:45:04 ---A- . (.Microsoft Corporation - Active Directory Certificate Services Encod.) -- C:\Windows\SysNative\certenc.dll [52224]
O44 - LFC:[MD5.189B0BAE1B0EDD51CEF1CD3F4CDEE02E] - 10/10/2013 - 21:45:04 ---A- . (.Microsoft Corporation - Active Directory Certificate Services Encod.) -- C:\Windows\System32\certenc.dll [52224]
O44 - LFC:[MD5.4586B77B18FA9A8518AF76CA8FD247D9] - 10/10/2013 - 21:45:07 ---A- . (.Microsoft Corporation - CertUtil.exe.) -- C:\Windows\SysNative\certutil.exe [1192448]
O44 - LFC:[MD5.4586B77B18FA9A8518AF76CA8FD247D9] - 10/10/2013 - 21:45:07 ---A- . (.Microsoft Corporation - CertUtil.exe.) -- C:\Windows\System32\certutil.exe [1192448]
O44 - LFC:[MD5.314C17917AC8523EC77A710215012A65] - 11/10/2013 - 01:30:16 ---A- . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\Windows\System32\Drivers\afd.sys [497152]
O44 - LFC:[MD5.9A9F9F1A77D6A80EE28B57664F00013E] - 11/10/2013 - 01:30:17 ---A- . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service Provi.) -- C:\Windows\SysNative\mswsock.dll [327168]
O44 - LFC:[MD5.9A9F9F1A77D6A80EE28B57664F00013E] - 11/10/2013 - 01:30:17 ---A- . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service Provi.) -- C:\Windows\System32\mswsock.dll [327168]
O44 - LFC:[MD5.40AF23633D197905F03AB5628C558C51] - 11/10/2013 - 01:30:17 ---A- . (.Microsoft Corporation - TCP/IP Driver.) -- C:\Windows\System32\Drivers\tcpip.sys [1903552]
O44 - LFC:[MD5.99583D720C7476652265DE5CF3CB18A7] - 11/10/2013 - 05:58:41 ---A- . (...) -- C:\Windows\SysNative\FNTCACHE.DAT [5061576]
O44 - LFC:[MD5.99583D720C7476652265DE5CF3CB18A7] - 11/10/2013 - 05:58:41 ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [5061576]
O44 - LFC:[MD5.A15914DEC2B38E225D08A945E4955594] - 12/10/2013 - 09:10:40 RSH-- . (...) -- C:\usbdriver.vbe [32981]
O44 - LFC:[MD5.1DF62B3308800ED79B8570AD9FD6B7FC] - 12/10/2013 - 09:10:42 R---- . (...) -- C:\Nouveau dossier.lnk [538]
O44 - LFC:[MD5.12D6E2E2B7FCAC3628F868F809F15D06] - 12/10/2013 - 09:10:42 RSH-- . (...) -- C:\autorun.inf [47]
O44 - LFC:[MD5.9C2A859221541E2B8D093CFD0DD481FD] - 12/10/2013 - 16:24:58 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]
O44 - LFC:[MD5.0BB97D43299910CBFBA59C461B99B910] - 12/10/2013 - 16:53:23 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Windows\System32\Drivers\mbam.sys [25928]
O44 - LFC:[MD5.3152A964A6A3978D531125C91C1DFE5B] - 12/10/2013 - 19:55:57 ---A- . (...) -- C:\Windows\PFRO.log [1049976]
O44 - LFC:[MD5.59020A24F06DBD0115F25E9C3EF4EF4D] - 12/10/2013 - 20:55:13 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [872418]
O44 - LFC:[MD5.42B52C2DC252344580DD65042615BDB0] - 12/10/2013 - 20:55:13 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [149192]
O44 - LFC:[MD5.4B2DFA442F64C56B7C1A823C1A49C96D] - 12/10/2013 - 20:55:13 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [731924]
O44 - LFC:[MD5.59020A24F06DBD0115F25E9C3EF4EF4D] - 12/10/2013 - 20:55:13 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [872418]
O44 - LFC:[MD5.42B52C2DC252344580DD65042615BDB0] - 12/10/2013 - 20:55:13 ---A- . (...) -- C:\Windows\System32\perfc009.dat [149192]
O44 - LFC:[MD5.4B2DFA442F64C56B7C1A823C1A49C96D] - 12/10/2013 - 20:55:13 ---A- . (...) -- C:\Windows\System32\perfh009.dat [731924]
O44 - LFC:[MD5.E2913AAE21B5F4ACBE08CB9FDFE8E3BA] - 13/10/2013 - 11:52:25 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.A9AD01F3271EC16B6ED5BC07BC72B464] - 13/10/2013 - 11:52:29 ---A- . (...) -- C:\Windows\setupact.log [98430]
O44 - LFC:[MD5.4F27CEB34D93CA74635403D9552F9944] - 13/10/2013 - 15:04:35 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1078640]
~ Files: 210 Scanned in 00mn 20s



---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.BF1CF1FF5ABBB86C877323736F0A4460] - 08/10/2013 - 18:05:39 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf
O45 - LFCP:[MD5.BD134E538F12484432955926DB529641] - 12/10/2013 - 14:31:49 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf
O45 - LFCP:[MD5.62A83941EFBD320ED843018E566F3952] - 12/10/2013 - 14:32:53 ---A- - C:\Windows\Prefetch\AgCx_SC4.db
O45 - LFCP:[MD5.A36BF2AEE62528E4B37ED4ED7C2D9FCC] - 12/10/2013 - 15:30:14 ---A- - C:\Windows\Prefetch\XCOPY.EXE-41E6513F.pf
O45 - LFCP:[MD5.D354D119B8C04839CFA13ED5B979D203] - 12/10/2013 - 15:30:19 ---A- - C:\Windows\Prefetch\CMD.EXE-4A81B364.pf
O45 - LFCP:[MD5.5DDE641DA4109039228B569695156DE5] - 12/10/2013 - 19:54:32 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin
O45 - LFCP:[MD5.0A36BAB8332173ABAB81157F145C1F81] - 12/10/2013 - 20:00:15 ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf
O45 - LFCP:[MD5.6619D40B760EEE634D39E2D14D122FB0] - 12/10/2013 - 21:42:01 ---A- - C:\Windows\Prefetch\SNDVOL.EXE-5D4CC7D6.pf
O45 - LFCP:[MD5.BE094F01A795CB5C6898CEC77E5FC7F8] - 13/10/2013 - 00:07:06 ---A- - C:\Windows\Prefetch\MBAM.EXE-80210E2F.pf
O45 - LFCP:[MD5.C7BF4CA8E11FA5E236AE990420654629] - 13/10/2013 - 00:07:49 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-1605FA5B.pf
O45 - LFCP:[MD5.51CE64E1A8433300F5E1C9F29C8D1FD5] - 13/10/2013 - 00:31:55 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-411A328D.pf
O45 - LFCP:[MD5.5D5BB30E8C964E7E77F583CB774BB601] - 13/10/2013 - 01:00:12 ---A- - C:\Windows\Prefetch\SDIAGNHOST.EXE-8D72177C.pf
O45 - LFCP:[MD5.6CA6D64D6A11D46685E22ED3F4A0D213] - 13/10/2013 - 01:00:16 ---A- - C:\Windows\Prefetch\CSC.EXE-BE9AC2DF.pf
O45 - LFCP:[MD5.CBB571EF7E27E9C0E37200AC0A8BB5E9] - 13/10/2013 - 01:00:16 ---A- - C:\Windows\Prefetch\CVTRES.EXE-2B9D810D.pf
O45 - LFCP:[MD5.F67E7A78874A08BCD3FF4164F82DB701] - 13/10/2013 - 01:00:39 ---A- - C:\Windows\Prefetch\W32TM.EXE-1101AF41.pf
O45 - LFCP:[MD5.0CAD78DC33F7934E1A212D10CE01A3EA] - 13/10/2013 - 01:00:48 ---A- - C:\Windows\Prefetch\PING.EXE-7E94E73E.pf
O45 - LFCP:[MD5.C22A305147EF817D32496892AB9B4C1D] - 13/10/2013 - 01:46:52 ---A- - C:\Windows\Prefetch\AM_DELTA_PATCH_1.159.2054.0.E-129394BA.pf
O45 - LFCP:[MD5.D00662677049E77C13036BF5F20EB7CE] - 13/10/2013 - 01:46:52 ---A- - C:\Windows\Prefetch\MPSIGSTUB.EXE-6CB27A06.pf
O45 - LFCP:[MD5.2DC4ABAC4DF5DF82F732433A229160B0] - 13/10/2013 - 01:46:52 ---A- - C:\Windows\Prefetch\WUAUCLT.EXE-70318591.pf
O45 - LFCP:[MD5.3E1E429A5ADE5078D2E5AB67F2C2DE26] - 13/10/2013 - 07:39:04 ---A- - C:\Windows\Prefetch\FIREFOX.EXE-18ACFCFF.pf
O45 - LFCP:[MD5.38C2F7475471D47E741C6557984D9576] - 13/10/2013 - 09:27:56 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-ECB71776.pf
O45 - LFCP:[MD5.4B5752443717512906CF1AC9D9535143] - 13/10/2013 - 11:01:07 ---A- - C:\Windows\Prefetch\MIPONY.EXE-C355BE31.pf
O45 - LFCP:[MD5.675960354EC091C014B61594A65A10F7] - 13/10/2013 - 11:53:54 ---A- - C:\Windows\Prefetch\EDICT.EXE-FB52DE94.pf
O45 - LFCP:[MD5.6853072F31C821CF818A2DD7B914701C] - 13/10/2013 - 11:53:54 ---A- - C:\Windows\Prefetch\OFFICEVIRT.EXE-22FAE25A.pf
O45 - LFCP:[MD5.6C9E5519DECF9D104E12678109B11F5F] - 13/10/2013 - 11:53:55 ---A- - C:\Windows\Prefetch\IDMAN.EXE-B9CAEF7A.pf
O45 - LFCP:[MD5.EB1FD15502A2AE8532006E0CDB928947] - 13/10/2013 - 11:53:55 ---A- - C:\Windows\Prefetch\SIDEBAR.EXE-FA75EA61.pf
O45 - LFCP:[MD5.F769582CE6DA6F15DE1D912EFE974D32] - 13/10/2013 - 11:53:55 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf
O45 - LFCP:[MD5.206E9B634BBDAA8EC6CBFE65FF4C8895] - 13/10/2013 - 11:53:58 ---A- - C:\Windows\Prefetch\IEMONITOR.EXE-9DA5E783.pf
O45 - LFCP:[MD5.AB7A4ABC72592D85B013DDF41AA414A4] - 13/10/2013 - 11:54:09 ---A- - C:\Windows\Prefetch\WMPNSCFG.EXE-FC0D39BF.pf
O45 - LFCP:[MD5.6FF7C416FF50682C99469702F18A07A3] - 13/10/2013 - 11:54:14 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-C871F054.pf
O45 - LFCP:[MD5.80237FA52906D68DC810A1DA085696D4] - 13/10/2013 - 11:54:17 ---A- - C:\Windows\Prefetch\WMPNETWK.EXE-D9F2A96F.pf
O45 - LFCP:[MD5.D95A0FEB40BE098C31124E7F1ACA49B2] - 13/10/2013 - 11:54:20 ---A- - C:\Windows\Prefetch\MBAMGUI.EXE-1CA97248.pf
O45 - LFCP:[MD5.601CF52EB80E9D801EA33B5C909ADC23] - 13/10/2013 - 11:54:32 ---A- - C:\Windows\Prefetch\TASKMGR.EXE-5F5F473D.pf
O45 - LFCP:[MD5.FC9EEDC568ECBAA5485E5FD9D8B15075] - 13/10/2013 - 11:54:33 ---A- - C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf
O45 - LFCP:[MD5.D69036B5C4F5D254F898322F8B03489D] - 13/10/2013 - 11:54:33 ---A- - C:\Windows\Prefetch\REGSVR32.EXE-D5170E12.pf
O45 - LFCP:[MD5.C892F467A47CA902807369F6E004F603] - 13/10/2013 - 11:54:40 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-40DD444D.pf
O45 - LFCP:[MD5.134BB42FB94F098511FC9BEBC4D1C6A7] - 13/10/2013 - 11:54:56 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-57D17DAF.pf
O45 - LFCP:[MD5.E27EF7BE50EAD30CA3A041D24F0A01E2] - 13/10/2013 - 11:54:56 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf
O45 - LFCP:[MD5.EFD643BCB8A92AB880196DCE5688C90D] - 13/10/2013 - 11:55:07 ---A- - C:\Windows\Prefetch\RICONMAN.EXE-9FED550E.pf
O45 - LFCP:[MD5.56A175EB0D7C9610536B42A81BD41FA6] - 13/10/2013 - 11:55:19 ---A- - C:\Windows\Prefetch\WMPLAYER.EXE-26C72A86.pf
O45 - LFCP:[MD5.304E935259CC9852B2FDFD2A3C041255] - 13/10/2013 - 11:56:46 ---A- - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf
O45 - LFCP:[MD5.9BCEC06F79C2D98AFF938588C6B5F13B] - 13/10/2013 - 11:57:51 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-E2C2633A.pf
O45 - LFCP:[MD5.446AD8023850F8FA3DEDF89F1DE75813] - 13/10/2013 - 12:02:57 ---A- - C:\Windows\Prefetch\MPCMDRUN.EXE-6AA90EA5.pf
O45 - LFCP:[MD5.861A8BB0AEC7CC55C61EBE2EC7724F38] - 13/10/2013 - 12:05:40 ---A- - C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf
O45 - LFCP:[MD5.A790E018433071BFA45E5AA9CF16011F] - 13/10/2013 - 12:05:50 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-A3E35360.pf
O45 - LFCP:[MD5.837294B1D1CDEB115737E4207378E8FA] - 13/10/2013 - 12:07:45 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-E7777CC4.pf
O45 - LFCP:[MD5.76C11C11A7FB011A3D3697DA7D3A1EB1] - 13/10/2013 - 13:44:54 ---A- - C:\Windows\Prefetch\VLC-MEDIA-PLAYER_2-1-0_FR_108-722B1B1B.pf
O45 - LFCP:[MD5.DE8A80F8BD266518E917262337E57EF4] - 13/10/2013 - 13:45:15 ---A- - C:\Windows\Prefetch\UNINSTALL.EXE-75E9A482.pf
O45 - LFCP:[MD5.70C6DB5BA28C602EEDA2B75B491845EE] - 13/10/2013 - 13:46:11 ---A- - C:\Windows\Prefetch\VLC-CACHE-GEN.EXE-07B0ACF1.pf
O45 - LFCP:[MD5.96F35EF136D01D5C77E59A7F7FFA5DCF] - 13/10/2013 - 13:50:04 ---A- - C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
O45 - LFCP:[MD5.EFDA03CCBA35D6AFECD6572BA5494B5E] - 13/10/2013 - 13:50:05 ---A- - C:\Windows\Prefetch\VLC.EXE-CC6F4A79.pf
O45 - LFCP:[MD5.BBA3FFB6CDD20D23A4180DBE49ABEBE6] - 13/10/2013 - 14:07:17 ---A- - C:\Windows\Prefetch\Layout.ini
O45 - LFCP:[MD5.F21C369CE7BA6BDB842FBB796C8F9CA3] - 13/10/2013 - 14:17:20 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-230FC512.pf
O45 - LFCP:[MD5.71264E5B74F3C5C73FABF2A8F93BD50D] - 13/10/2013 - 14:17:26 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf
O45 - LFCP:[MD5.1C9A731AAE77E710CED0623B7B70B64E] - 13/10/2013 - 14:17:26 ---A- - C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf
O45 - LFCP:[MD5.D77AFD60675683BD55E500218E3392B3] - 13/10/2013 - 14:22:52 ---A- - C:\Windows\Prefetch\ROGUEKILLERX64.EXE-ED4A706C.pf
O45 - LFCP:[MD5.0E3BE64D8BE2FF7A1C5AE794E252BADF] - 13/10/2013 - 14:22:55 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-DE9673F9.pf
O45 - LFCP:[MD5.A7D5175562DA185E5D900C4769DA5748] - 13/10/2013 - 14:22:56 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf
O45 - LFCP:[MD5.09CCAA4E785675887DE4294569DCC144] - 13/10/2013 - 14:23:06 ---A- - C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
O45 - LFCP:[MD5.DA84E7C271B7B28F01B54093AB15255F] - 13/10/2013 - 14:24:07 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-948805745-1492054858-3638506696-1001.db
O45 - LFCP:[MD5.24B053C56815C0114D2C9FA108DD73CA] - 13/10/2013 - 14:24:07 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-948805745-1492054858-3638506696-1001.db
O45 - LFCP:[MD5.725A78918F80056577A91533272D5695] - 13/10/2013 - 14:26:42 ---A- - C:\Windows\Prefetch\CHROME.EXE-D999B1BA.pf
O45 - LFCP:[MD5.94FC22F305006E982F7144D742095C85] - 13/10/2013 - 14:29:00 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-76936ED5.pf
O45 - LFCP:[MD5.008197E473365B861B49C3650F699A4B] - 13/10/2013 - 14:30:36 ---A- - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf
O45 - LFCP:[MD5.EC1FBD2A373AE9CE88FCED5EAA7C8337] - 13/10/2013 - 14:30:36 ---A- - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
O45 - LFCP:[MD5.095D1C531F1AD3D6F00AF7CE656E8CDA] - 13/10/2013 - 14:34:00 ---A- - C:\Windows\Prefetch\GOOGLEUPDATE.EXE-B95715F5.pf
O45 - LFCP:[MD5.8CFB104C102F8576ABF0DE9B86F2AB68] - 13/10/2013 - 14:39:00 ---A- - C:\Windows\Prefetch\AgRobust.db
O45 - LFCP:[MD5.5B53B95DE88BD278E7D38C50BE836892] - 13/10/2013 - 14:39:01 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db
O45 - LFCP:[MD5.84AA246D6E1ABD65E7ACE1C9787265C8] - 13/10/2013 - 14:39:01 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db
O45 - LFCP:[MD5.8EAFECC740F69790B10DF8A91D50BF2A] - 13/10/2013 - 14:39:01 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db
O45 - LFCP:[MD5.9702C13EB79964722CCCFFD6053AD494] - 13/10/2013 - 14:47:03 ---A- - C:\Windows\Prefetch\FACEBOOKUPDATE.EXE-99C15763.pf
O45 - LFCP:[MD5.53890C8214609E9AEF2F053D10F751CD] - 13/10/2013 - 15:01:00 ---A- - C:\Windows\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-216D9C35.pf
O45 - LFCP:[MD5.CA0D8F8A6D4F1A1B6158DE8A970C1B9A] - 13/10/2013 - 15:01:10 ---A- - C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf
O45 - LFCP:[MD5.1CB2C65F67A8A79B688F4EAEE71DC1C7] - 13/10/2013 - 15:08:07 ---A- - C:\Windows\Prefetch\LongTermHist.db.bt
O45 - LFCP:[MD5.FACCA74CE632009A7F5913DF72CCFA21] - 13/10/2013 - 15:08:08 ---A- - C:\Windows\Prefetch\LongTermHist.db
O45 - LFCP:[MD5.364FF7A59FDD677ED5CD1A1AED4D0C64] - 13/10/2013 - 15:08:08 ---A- - C:\Windows\Prefetch\LongTermHist.db.dx
O45 - LFCP:[MD5.B7960EF5F30E1F98F2BCA3E25A5E1CD4] - 13/10/2013 - 15:09:51 ---A- - C:\Windows\Prefetch\ZHPHEP.EXE-EBD3B8D7.pf
O45 - LFCP:[MD5.C4F9E6B6FA5C4E03EFCD617B765397B4] - 13/10/2013 - 15:10:01 ---A- - C:\Windows\Prefetch\ZHPDIAG.EXE-0D117CAF.pf
O45 - LFCP:[MD5.06FB747966FF3D6CB3CC1C77FEBC2682] - 13/10/2013 - 15:10:05 ---A- - C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf
O45 - LFCP:[MD5.97BCFFDE523F9F0DFC36988DC79971EA] - 13/10/2013 - 15:10:17 ---A- - C:\Windows\Prefetch\CSCRIPT.EXE-0FB3F22C.pf
O45 - LFCP:[MD5.AB0F490A16475AADC3799B7184B24C26] - 13/10/2013 - 15:10:19 ---A- - C:\Windows\Prefetch\SPPSVC.EXE-B0F8131B.pf
O45 - LFCP:[MD5.868FCA1AD0AB60919F5D16D7E5792228] - 13/10/2013 - 15:10:19 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-6768A320.pf
O45 - LFCP:[MD5.4076C8DB8DA6770A483F94CB36EFFBDC] - 13/10/2013 - 15:10:20 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf
O45 - LFCP:[MD5.0D70747855DB92D76B570B46BC55B5DA] - 13/10/2013 - 15:10:30 ---A- - C:\Windows\Prefetch\PV.EXE-34B75B82.pf
O45 - LFCP:[MD5.9F79D729F6777D23A7AA97F7D74DA700] - 13/10/2013 - 15:12:09 ---A- - C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
O45 - LFCP:[MD5.66ADC63339E371AF0EF831F0F0C3DD3C] - 13/10/2013 - 15:12:09 ---A- - C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
O45 - LFCP:[MD5.78A59B3DF26DBA6BB027A83EE74D22BF] - 13/10/2013 - 15:12:10 ---A- - C:\Windows\Prefetch\SUBINACL.EXE-AB0CE9D9.pf
O45 - LFCP:[MD5.4A77F88AFAF354067827D2D011531432] - 13/10/2013 - 15:12:22 ---A- - C:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pf
O45 - LFCP:[MD5.F96E3D27932CAD4831F011FF5C872C53] - 13/10/2013 - 15:12:24 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf
O45 - LFCP:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/09/2159 - 15:32:45 ----D - C:\Windows\Prefetch\ReadyBoot
~ Prefetcher: 90 Scanned in 00mn 01s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Local Security Authority-LSA Deny (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Windows Security Configuration Editor Client Engine.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Kerberos Security Package.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\livessp.dll
~ LSA: 9 Scanned in 00mn 00s



---\\ Safe Boot Control (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Serial Mouse Filter Driver.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Serial Mouse Filter Driver.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 13 Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{808d376a-1159-11e2-b005-ac162d5de540}\AutoRun\command. (...) -- G:\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ TDSD: 2 Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\command . (.Samsung - KiesPDLR.) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O53 - SMSR:HKLM\...\startupreg\AdobeAAMUpdater-1.0 [Key] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O53 - SMSR:HKLM\...\startupreg\APSDaemon [Key] . (...) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\BCSSync [Key] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O53 - SMSR:HKLM\...\startupreg\Cracked Steam Service [Key] . (...) -- c:\program files (x86)\cracked steam\Cracked AntiSteam.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\DAEMON Tools Lite [Key] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe =>.DT Soft Ltd
O53 - SMSR:HKLM\...\startupreg\E06FXLRD_84508502 [Key] . (...) -- C:\Program Files (x86)\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\E09FXLRD_147686 [Key] . (.Microsoft Corporation - Microsoft Encarta Dictionaries.) -- C:\Program Files (x86)\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.exe
O53 - SMSR:HKLM\...\startupreg\E09FXLRD_419711002 [Key] . (.Microsoft Corporation - Microsoft Encarta Dictionaries.) -- C:\Program Files (x86)\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.exe
O53 - SMSR:HKLM\...\startupreg\Easybits Recovery [Key] . (...) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Facebook Update [Key] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\bertrand\AppData\Local\Facebook\Update\FacebookUpdate.exe
O53 - SMSR:HKLM\...\startupreg\Google Update [Key] . (...) -- C:\Users\bertrand\AppData\Local\Google\Update\GoogleUpdate.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\IDMan [Key] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O53 - SMSR:HKLM\...\startupreg\KiesAirMessage [Key] . (...) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\KiesPreload [Key] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O53 - SMSR:HKLM\...\startupreg\KiesTrayAgent [Key] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O53 - SMSR:HKLM\...\startupreg\msnmsgr [Key] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O53 - SMSR:HKLM\...\startupreg\NTRedirect [Key] . (...) -- C:\Users\bertrand\AppData\Roaming\BabSolution\Shared\enhancedNT.dll (.not file.) =>Hijacker.BabSolution
O53 - SMSR:HKLM\...\startupreg\Pando Media Booster [Key] . (...) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\QuickTime Task [Key] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O53 - SMSR:HKLM\...\startupreg\RTHDVCPL [Key] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
O53 - SMSR:HKLM\...\startupreg\Sidebar [Key] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O53 - SMSR:HKLM\...\startupreg\Skype [Key] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O53 - SMSR:HKLM\...\startupreg\StartCCC [Key] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O53 - SMSR:HKLM\...\startupreg\Steam [Key] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\Steam.exe
O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O53 - SMSR:HKLM\...\startupreg\SuperCopier2.exe [Key] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
O53 - SMSR:HKLM\...\startupreg\SynTPEnh [Key] . (...) -- C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\bertrand\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O53 - SMSR:HKLM\...\startupreg\Xvid [Key] . (...) -- C:\Program Files (x86)\Xvid\CheckUpdate.exe (.not file.)
~ SMSR Keys: 31 Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "HideFastUserSwitching"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableLockWorkstation"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableChangePassword"=0
~ MWPS: 19 Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "EnableShellExecuteHooks"=1
~ MWPE Keys: 5 Scanned in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 01:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.DEFD557D9B8C0FA3CEA6CC576400114E] - 20/08/2012 - 14:48:50 ----- . (...) -- C:\Windows\System32\pwdrvio.sys [19032]
O58 - SDL:[MD5.9131FE60ADFAB595C8DA53AD6A06AA31] - 04/01/2005 - 00:43:08 ---A- . (.INCA Internet Co., Ltd. - nProtect NPSC Kernel Mode Driver for NT.) -- C:\Windows\SysWOW64\npptNT2.sys [4682]
~ Drivers: 19 Scanned in 00mn 00s



---\\ Last modified or created user files (O61)
O61 - LFC: 10/10/2013 - 15:13:30 ---A- . (...) -- C:\Users\bertrand\AppData\Local\CrashDumps\Steam.exe.724.dmp [1401186]
O61 - LFC: 10/10/2013 - 15:13:30 ---A- . (...) -- C:\Users\bertrand\AppData\Local\CrashDumps\firefox.exe.4800.dmp [3244777]
O61 - LFC: 10/10/2013 - 15:13:30 ---A- . (...) -- C:\Users\bertrand\AppData\Local\CrashDumps\yct.exe.3484.dmp [2910259]
O61 - LFC: 10/10/2013 - 15:13:37 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_rapgenius.com_0.localstorage [3072]
O61 - LFC: 10/10/2013 - 15:13:37 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_rapgenius.com_0.localstorage-journal [3608]
O61 - LFC: 10/10/2013 - 15:13:37 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_superuser.com_0.localstorage [3072]
O61 - LFC: 10/10/2013 - 15:13:37 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_superuser.com_0.localstorage-journal [3608]
O61 - LFC: 10/10/2013 - 15:13:37 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_telechargement.zebulon.fr_0.localstorage [3072]
O61 - LFC: 10/10/2013 - 15:13:37 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_telechargement.zebulon.fr_0.localstorage-journal [3608]
O61 - LFC: 10/10/2013 - 15:13:37 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.bop.fm_0.localstorage [3072]
O61 - LFC: 10/10/2013 - 15:13:37 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.bop.fm_0.localstorage-journal [512]
O61 - LFC: 10/10/2013 - 15:13:38 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.youtube.com_0.localstorage [58368]
O61 - LFC: 10/10/2013 - 15:13:38 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.youtube.com_0.localstorage-journal [16384]
O61 - LFC: 10/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\SVUJ693U\macromedia.com\support\flashplayer\sys\settings.sol [1561]
O61 - LFC: 10/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\PepperFlash\11.9.900.117\manifest.fingerprint [14] =>.Google PepperFlash
O61 - LFC: 10/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\PepperFlash\11.9.900.117\manifest.json [2054] =>.Google PepperFlash
O61 - LFC: 10/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\PepperFlash\11.9.900.117\pepflashplayer.dll [13584776] =>.Google PepperFlash
O61 - LFC: 10/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\3808_11496\crl-set [935]
O61 - LFC: 10/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\3808_11496\manifest.fingerprint [12]
O61 - LFC: 10/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\3808_11496\manifest.json [34]
O61 - LFC: 10/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\5856_3511\crl-set [917]
O61 - LFC: 10/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\5856_3511\manifest.fingerprint [12]
O61 - LFC: 10/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\5856_3511\manifest.json [34]
O61 - LFC: 10/10/2013 - 15:15:15 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\atcMedia5731381438787.flv [6775180]
O61 - LFC: 10/10/2013 - 15:15:15 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\atcMedia9091381437732.flv [6721897]
O61 - LFC: 10/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\CPBA.bat [245]
O61 - LFC: 10/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\atcMRUList.idx [0]
O61 - LFC: 10/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\atc_MP3Backup.lst [6]
O61 - LFC: 10/10/2013 - 15:15:28 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\{82AC9AF6-8C57-4842-87E5-07EF591163C9}.wmv [0]
O61 - LFC: 10/10/2013 - 15:15:28 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\~DF2DD219C808D42887.TMP [655360]
O61 - LFC: 10/10/2013 - 15:15:31 ---A- . (...) -- C:\Users\bertrand\AppData\Roaming\IDM\cnlurllist.dat [521]
O61 - LFC: 10/10/2013 - 15:15:39 ---A- . (...) -- C:\Users\bertrand\Documents\c qui'le papa 1.sfk [2520]
O61 - LFC: 10/10/2013 - 15:15:39 ---A- . (...) -- C:\Users\bertrand\Documents\c qui'le papa 1.wav [631512]
O61 - LFC: 10/10/2013 - 15:15:39 ---A- . (...) -- C:\Users\bertrand\Documents\c'est qui lapa.sfk [2656]
O61 - LFC: 10/10/2013 - 15:15:40 ---A- . (...) -- C:\Users\bertrand\Documents\c'est qui lapa.wav [666144]
O61 - LFC: 10/10/2013 - 15:19:56 ---A- . (...) -- C:\Users\bertrand\Downloads\Documents\ScholarshipList_2013.pdf [259779]
O61 - LFC: 10/10/2013 - 15:21:01 ---A- . (...) -- C:\Users\bertrand\Downloads\Programs\RogueKiller.exe [950272]
O61 - LFC: 10/10/2013 - 15:21:01 ---A- . (.Thisisu.) -- C:\Users\bertrand\Downloads\Programs\JRT.exe [1032220]
O61 - LFC: 10/10/2013 - 15:21:04 ---A- . (.Nicolas Coolman.) -- C:\Users\bertrand\Downloads\Programs\ZHPDiag2.exe [6834147] =>.Nicolas Coolman
O61 - LFC: 10/10/2013 - 15:22:00 ---A- . (...) -- C:\Users\bertrand\Links\Desktop.lnk [497]
O61 - LFC: 10/10/2013 - 15:22:00 ---A- . (...) -- C:\Users\bertrand\Links\Downloads.lnk [912]
O61 - LFC: 10/10/2013 - 15:22:00 ---A- . (...) -- C:\Users\bertrand\Links\RecentPlaces.lnk [363]
O61 - LFC: 11/10/2013 - 15:13:30 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Darksiders2\controls.dcon [944]
O61 - LFC: 11/10/2013 - 15:13:30 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Darksiders2\gamepad.gcon [275]
O61 - LFC: 11/10/2013 - 15:13:39 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\Q3JKZ4TT\4BAE91DBAEF0CEEC0FCE5505D96DDEA865EDBFC1.heu [152]
O61 - LFC: 11/10/2013 - 15:13:39 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\Q3JKZ4TT\8F903698240FE799F61EEDA8595181137B996156.heu [152]
O61 - LFC: 11/10/2013 - 15:13:39 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\Q3JKZ4TT\98EECA3E014A0FA3C4C613006BDCEA12DA3BEACE.heu [152]
O61 - LFC: 11/10/2013 - 15:13:39 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\Q3JKZ4TT\ABD49354324081CEBB8F60184CF5FEE81F0F9298.heu [152]
O61 - LFC: 11/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\SVUJ693U\players.nrjaudio.fm\##4CA406C130CC2410\00000001.sol [154]
O61 - LFC: 11/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.12181\_platform_specific\x86_64\pnacl_public_pnacl_json [439]
O61 - LFC: 11/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.12181\_platform_specific\x86_64\pnacl_public_x86_64_crtbeginS_o [2520]
O61 - LFC: 11/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.12181\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o [2144]
O61 - LFC: 11/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.12181\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o [2288]
O61 - LFC: 11/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.12181\_platform_specific\x86_64\pnacl_public_x86_64_crtendS_o [1350]
O61 - LFC: 11/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.12181\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o [1349]
O61 - LFC: 11/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.12181\manifest.fingerprint [66]
O61 - LFC: 11/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.12181\manifest.json [572]
O61 - LFC: 11/10/2013 - 15:13:41 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.12181\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe [2191960]
O61 - LFC: 11/10/2013 - 15:13:41 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.12181\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a [5674]
O61 - LFC: 11/10/2013 - 15:13:41 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.12181\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a [47406]
O61 - LFC: 11/10/2013 - 15:13:41 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.12181\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_eh_a [234936]
O61 - LFC: 11/10/2013 - 15:13:41 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.12181\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a [180862]
O61 - LFC: 11/10/2013 - 15:13:41 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.12181\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a [1774]
O61 - LFC: 11/10/2013 - 15:13:41 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.12181\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe [9167128]
O61 - LFC: 11/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\984_19794\crl-set [706]
O61 - LFC: 11/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\984_19794\manifest.fingerprint [12]
O61 - LFC: 11/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\984_19794\manifest.json [34]
O61 - LFC: 11/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\984_21810\crl-set [797]
O61 - LFC: 11/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\984_21810\manifest.fingerprint [12]
O61 - LFC: 11/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\984_21810\manifest.json [34]
O61 - LFC: 11/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\atc_DownloadsBackupMain.lst [6]
O61 - LFC: 11/10/2013 - 15:15:31 ---A- . (...) -- C:\Users\bertrand\AppData\Roaming\bitlord_log.txt [0] =>Adware.WhenUSave
O61 - LFC: 11/10/2013 - 15:15:32 ---A- . (...) -- C:\Users\bertrand\AppData\Roaming\IDM\sts_list.dat [34]
O61 - LFC: 11/10/2013 - 15:18:38 ---A- . (...) -- C:\Users\bertrand\Documents\FLiNGTrainer\TrainerBGM.mid [32445]
O61 - LFC: 11/10/2013 - 15:21:48 ---A- . (...) -- C:\Users\bertrand\Downloads\Video\Fast.And.Furious.2009.FRENCH.DVDRiP.XViD-SURViVAL.avi [733698048]
O61 - LFC: 12/10/2013 - 15:13:36 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.facebook.com_0.localstorage [23552]
O61 - LFC: 12/10/2013 - 15:13:36 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.facebook.com_0.localstorage-journal [16384]
O61 - LFC: 12/10/2013 - 15:13:38 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_0 [45056]
O61 - LFC: 12/10/2013 - 15:13:38 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_1 [270336]
O61 - LFC: 12/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\QuotaManager [19456]
O61 - LFC: 12/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal [8768]
O61 - LFC: 12/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Web Data [73728]
O61 - LFC: 12/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal [4624]
O61 - LFC: 12/10/2013 - 15:13:42 --HA- . (...) -- C:\Users\bertrand\AppData\Local\IconCache.db [2002940]
O61 - LFC: 12/10/2013 - 15:13:51 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Sony\Vegas Pro\12.0\DeviceExplorer.PerUser.xml [2480]
O61 - LFC: 12/10/2013 - 15:13:51 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Sony\Vegas Pro\12.0\FileExplorer.settings [545]
O61 - LFC: 12/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Sony\Vegas Pro\12.0\RenderAs.settings [1102]
O61 - LFC: 12/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Sony\Vegas Pro\12.0\XDCAMExplorer.PerUser.xml [3057]
O61 - LFC: 12/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\2960_21317\crl-set [719]
O61 - LFC: 12/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\2960_21317\manifest.fingerprint [12]
O61 - LFC: 12/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\2960_21317\manifest.json [34]
O61 - LFC: 12/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\984_27098\crl-set [1257]
O61 - LFC: 12/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\984_27098\manifest.fingerprint [12]
O61 - LFC: 12/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\984_27098\manifest.json [34]
O61 - LFC: 12/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_13f8_1.xml [1601]
O61 - LFC: 12/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_13f8_2.xsl [45673]
O61 - LFC: 12/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_13f8_3.xsl [2425]
O61 - LFC: 12/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_13f8_4.xsl [65781]
O61 - LFC: 12/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_13f8_5.xsl [6293]
O61 - LFC: 12/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_13f8_6.xsl [1598]
O61 - LFC: 12/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_13f8_7.xsl [32443]
O61 - LFC: 12/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_13f8_8.js [51403]
O61 - LFC: 12/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_dcc_1.xml [1601]
O61 - LFC: 12/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_dcc_10.xml [875]
O61 - LFC: 12/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_dcc_2.xsl [45673]
O61 - LFC: 12/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_dcc_3.xsl [2425]
O61 - LFC: 12/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_dcc_4.xsl [65781]
O61 - LFC: 12/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_dcc_5.xsl [6293]
O61 - LFC: 12/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_dcc_6.xsl [1598]
O61 - LFC: 12/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_dcc_7.xsl [32443]
O61 - LFC: 12/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_dcc_8.js [51403]
O61 - LFC: 12/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_dcc_9.xsl [4642]
O61 - LFC: 12/10/2013 - 15:15:22 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\JRT.txt [6141]
O61 - LFC: 12/10/2013 - 15:15:22 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\jrt\temp\null.txt [0]
O61 - LFC: 12/10/2013 - 15:15:22 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\preferences [0]
O61 - LFC: 12/10/2013 - 15:15:22 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\qtsingleapp-frozen-f89d-1-lockfile [0]
O61 - LFC: 12/10/2013 - 15:15:31 ---A- . (...) -- C:\Users\bertrand\AppData\Roaming\DMCache\settings.bak [20480]
O61 - LFC: 12/10/2013 - 15:15:32 ---A- . (...) -- C:\Users\bertrand\AppData\Roaming\IDM\foldresHistory.txt [362]
O61 - LFC: 12/10/2013 - 15:15:32 ---A- . (...) -- C:\Users\bertrand\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2013-10-12 (17-07-46).txt [13922]
O61 - LFC: 12/10/2013 - 15:15:34 ---A- . (...) -- C:\Users\bertrand\AppData\Roaming\Sony\Render Templates\Favorites.settings [40]
O61 - LFC: 12/10/2013 - 15:15:36 ---A- . (...) -- C:\Users\bertrand\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 12/10/2013 - 15:15:36 ---A- . (...) -- C:\Users\bertrand\AppData\Roaming\ZHP\ZHPDiag.txt [285171] =>.Nicolas Coolman
O61 - LFC: 12/10/2013 - 15:18:41 ---A- . (...) -- C:\Users\bertrand\Documents\SlowD.wav [2921412]
O61 - LFC: 12/10/2013 - 15:21:01 ---A- . (...) -- C:\Users\bertrand\Downloads\Programs\adwcleaner.exe [1048960]
O61 - LFC: 12/10/2013 - 15:21:01 ---A- . (.Malwarebytes Corporation.) -- C:\Users\bertrand\Downloads\Programs\mbam-setup-1.75.0.1300.exe [10285040]
O61 - LFC: 12/10/2013 - 15:22:02 ---A- . (...) -- C:\Users\bertrand\Securities\update.exe [1233]
O61 - LFC: 13/10/2013 - 15:13:31 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [262612]
O61 - LFC: 13/10/2013 - 15:13:31 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Archived History [1843200]
O61 - LFC: 13/10/2013 - 15:13:31 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Archived History-journal [16384]
O61 - LFC: 13/10/2013 - 15:13:31 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Cookies [866304]
O61 - LFC: 13/10/2013 - 15:13:31 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal [16384]
O61 - LFC: 13/10/2013 - 15:13:31 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\CURRENT [16]
O61 - LFC: 13/10/2013 - 15:13:31 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG [148]
O61 - LFC: 13/10/2013 - 15:13:31 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old [148]
O61 - LFC: 13/10/2013 - 15:13:31 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000693 [2224]
O61 - LFC: 13/10/2013 - 15:13:31 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT [16]
O61 - LFC: 13/10/2013 - 15:13:31 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG [151]
O61 - LFC: 13/10/2013 - 15:13:31 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old [151]
O61 - LFC: 13/10/2013 - 15:13:31 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-001371 [486]
O61 - LFC: 13/10/2013 - 15:13:35 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Favicons [1009664]
O61 - LFC: 13/10/2013 - 15:13:35 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal [16384]
O61 - LFC: 13/10/2013 - 15:13:35 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\History [1589248]
O61 - LFC: 13/10/2013 - 15:13:35 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache [163737]
O61 - LFC: 13/10/2013 - 15:13:36 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\History-journal [16384]
O61 - LFC: 13/10/2013 - 15:13:36 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Last Session [626526]
O61 - LFC: 13/10/2013 - 15:13:36 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Last Tabs [83390]
O61 - LFC: 13/10/2013 - 15:13:36 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jeaohhlajejodfjadcponpnjgkiikocn\CURRENT [16]
O61 - LFC: 13/10/2013 - 15:13:36 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jeaohhlajejodfjadcponpnjgkiikocn\LOG [148]
O61 - LFC: 13/10/2013 - 15:13:36 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jeaohhlajejodfjadcponpnjgkiikocn\LOG.old [148]
O61 - LFC: 13/10/2013 - 15:13:36 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jeaohhlajejodfjadcponpnjgkiikocn\MANIFEST-000151 [88]
O61 - LFC: 13/10/2013 - 15:13:36 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_phlpjnmkcepflfoglccifhajagahaglm_0.localstorage [3072]
O61 - LFC: 13/10/2013 - 15:13:36 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_phlpjnmkcepflfoglccifhajagahaglm_0.localstorage-journal [3608]
O61 - LFC: 13/10/2013 - 15:13:38 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Managed Mode Settings [8]
O61 - LFC: 13/10/2013 - 15:13:39 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor [111616]
O61 - LFC: 13/10/2013 - 15:13:39 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal [16384]
O61 - LFC: 13/10/2013 - 15:13:39 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\SVUJ693U\broadcast.piximedia.fr\footerJS\v4\lib\so.swf\PmUI.sol [33]
O61 - LFC: 13/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Preferences [194084]
O61 - LFC: 13/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT [16]
O61 - LFC: 13/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG [276]
O61 - LFC: 13/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old [788]
O61 - LFC: 13/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-002032 [166]
O61 - LFC: 13/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Shortcuts [81920]
O61 - LFC: 13/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal [16384]
O61 - LFC: 13/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Top Sites [425984]
O61 - LFC: 13/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal [16384]
O61 - LFC: 13/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity [2554]
O61 - LFC: 13/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Visited Links [131072]
O61 - LFC: 13/10/2013 - 15:13:40 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Local State [43993]
O61 - LFC: 13/10/2013 - 15:13:41 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom [8779192]
O61 - LFC: 13/10/2013 - 15:13:41 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set [1589500]
O61 - LFC: 13/10/2013 - 15:13:41 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies [6144]
O61 - LFC: 13/10/2013 - 15:13:41 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal [4640]
O61 - LFC: 13/10/2013 - 15:13:41 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Safe Browsing Csd Whitelist [135184]
O61 - LFC: 13/10/2013 - 15:13:41 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Safe Browsing Download [699644]
O61 - LFC: 13/10/2013 - 15:13:41 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Safe Browsing Download Whitelist [19556]
O61 - LFC: 13/10/2013 - 15:13:41 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Safe Browsing Extension Blacklist [6592]
O61 - LFC: 13/10/2013 - 15:13:45 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Sidebar7\Sidebar7Config.txt [362]
O61 - LFC: 13/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\3300_16680\crl-set [716]
O61 - LFC: 13/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\3300_16680\manifest.fingerprint [12]
O61 - LFC: 13/10/2013 - 15:13:53 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\3300_16680\manifest.json [34]
O61 - LFC: 13/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_1128_1.xml [1601]
O61 - LFC: 13/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_1128_2.xsl [45673]
O61 - LFC: 13/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_1128_3.xsl [2425]
O61 - LFC: 13/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_1128_4.xsl [65781]
O61 - LFC: 13/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_1128_5.xsl [6293]
O61 - LFC: 13/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_1128_6.xsl [1598]
O61 - LFC: 13/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_1128_7.xsl [32443]
O61 - LFC: 13/10/2013 - 15:15:16 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\EncartaTempDir\DTA_1128_8.js [51403]
O61 - LFC: 13/10/2013 - 15:15:16 --HA- . (...) -- C:\Users\bertrand\AppData\Local\Temp\etilqs_v21c4BzaBE0ObhV [4100]
O61 - LFC: 13/10/2013 - 15:15:28 ---A- . (...) -- C:\Users\bertrand\AppData\Local\Temp\wmplog00.sqm [1866]
O61 - LFC: 13/10/2013 - 15:15:31 ---A- . (...) -- C:\Users\bertrand\AppData\Roaming\IDM\defextmap.dat [2198]
O61 - LFC: 13/10/2013 - 15:15:32 ---A- . (...) -- C:\Users\bertrand\AppData\Roaming\IDM\Scheduler\q_1.dt [2]
O61 - LFC: 13/10/2013 - 15:15:32 ---A- . (...) -- C:\Users\bertrand\AppData\Roaming\IDM\urlexclist.dat [2198]
O61 - LFC: 13/10/2013 - 15:15:33 ---A- . (...) -- C:\Users\bertrand\AppData\Roaming\Mipony\History.xml [908]
O61 - LFC: 13/10/2013 - 15:15:33 ---A- . (...) -- C:\Users\bertrand\AppData\Roaming\Mipony\categories.xml [94]
O61 - LFC: 13/10/2013 - 15:15:33 ---A- . (...) -- C:\Users\bertrand\AppData\Roaming\Mipony\linkList.xml [79]
O61 - LFC: 13/10/2013 - 15:15:33 ---A- . (...) -- C:\Users\bertrand\AppData\Roaming\Mipony\mipony.xml [12628]
O61 - LFC: 13/10/2013 - 15:15:33 ---A- . (...) -- C:\Users\bertrand\AppData\Roaming\Mipony\stats.xml [845]
O61 - LFC: 13/10/2013 - 15:15:36 ---A- . (...) -- C:\Users\bertrand\AppData\Roaming\ZHP\Log.txt [60363] =>.Nicolas Coolman
O61 - LFC: 13/10/2013 - 15:15:36 ---A- . (...) -- C:\Users\bertrand\AppData\Roaming\ZHP\TestsZHPDiag.txt [2936] =>.Nicolas Coolman
O61 - LFC: 13/10/2013 - 15:18:38 ---A- . (...) -- C:\Users\bertrand\Documents\Mipony\Fast and furious 3.avi [734361680]
O61 - LFC: 13/10/2013 - 15:18:38 ---A- . (...) -- C:\Users\bertrand\Documents\Mipony\Fast_and_Furious 4.avi [733698048]
O61 - LFC: 13/10/2013 - 15:21:01 ---A- . (...) -- C:\Users\bertrand\Downloads\Programs\RogueKillerX64.exe [3985920]
O61 - LFC: 13/10/2013 - 15:21:04 ---A- . (...) -- C:\Users\bertrand\Downloads\Programs\vlc-media-player_2-1-0_fr_10829.exe [24278649]
~ 61 Fichiers temporaires (Temporary files)
~ Files: 204 Scanned in 08mn 36s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 14/09/2013 - C:\Windows\system32\drivers\afd.sys (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD
O64 - Services: CurCS - 15/08/2012 - C:\Windows\System32\DRIVERS\atikmdag.sys (amdkmdag) .(.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\atapi.sys (atapi) .(.Microsoft Corporation - ATAPI IDE Miniport Driver.) - LEGACY_ATAPI
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\Drivers\Beep.sys (Beep) .(.Microsoft Corporation - BEEP Driver.) - LEGACY_BEEP
O64 - Services: CurCS - 04/07/2012 - C:\Windows\system32\browser.dll (bowser) .(.Microsoft Corporation - Computer Browser Service DLL.) - LEGACY_BOWSER
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\DRIVERS\cdfs.sys (cdfs) .(.Microsoft Corporation - CD-ROM File System Driver.) - LEGACY_CDFS
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\clfs.sys (CLFS) .(.Microsoft Corporation - Common Log File System Driver.) - LEGACY_CLFS
O64 - Services: CurCS - 02/06/2012 - C:\Windows\System32\Drivers\cng.sys (CNG) .(.Microsoft Corporation - Kernel Cryptography, Next Generation.) - LEGACY_CNG
O64 - Services: CurCS - 21/11/2010 - C:\Windows\system32\drivers\dfsc.sys (DfsC) .(.Microsoft Corporation - DFS Namespace Client Driver.) - LEGACY_DFSC
O64 - Services: CurCS - 13/07/2009 - C:\Windows\system32\drivers\discache.sys (discache) .(.Microsoft Corporation - System Indexer/Cache Driver.) - LEGACY_DISCACHE
O64 - Services: CurCS - 21/07/2011 - C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys (driverhardwarev2x64) .(.CybelSoft - Driver NT Ma-Config.com.) - LEGACY_DRIVERHARDWAREV2X64
O64 - Services: CurCS - 01/08/2013 - C:\Windows\system32\drivers\dxgkrnl.sys (DXGKrnl) .(.Microsoft Corporation - DirectX Graphics Kernel.) - LEGACY_DXGKRNL
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\fastfat.sys (fastfat) .(.Microsoft Corporation - Fast FAT File System Driver.) - LEGACY_FASTFAT
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\fileinfo.sys (FileInfo) .(.Microsoft Corporation - FileInfo Filter Driver.) - LEGACY_FILEINFO
O64 - Services: CurCS - 21/11/2010 - C:\Windows\system32\drivers\fltmgr.sys (FltMgr) .(.Microsoft Corporation - Microsoft Filesystem Filter Manager.) - LEGACY_FLTMGR
O64 - Services: CurCS - 24/01/2013 - C:\Windows\system32\drivers\fvevol.sys (fvevol) .(.Microsoft Corporation - BitLocker Drive Encryption Driver.) - LEGACY_FVEVOL
O64 - Services: CurCS - 21/11/2010 - C:\Windows\system32\drivers\http.sys (HTTP) .(.Microsoft Corporation - HTTP Protocol Stack.) - LEGACY_HTTP
O64 - Services: CurCS - 21/11/2010 - C:\Windows\system32\drivers\hwpolicy.sys (hwpolicy) .(.Microsoft Corporation - Hardware Policy Driver.) - LEGACY_HWPOLICY
O64 - Services: CurCS - 27/06/2013 - C:\Windows\System32\DRIVERS\idmwfp.sys (IDMWFP) .(.Tonec Inc. - Internet Download Manager WFP Driver.) - LEGACY_IDMWFP
O64 - Services: CurCS - 02/06/2012 - C:\Windows\System32\Drivers\ksecdd.sys (KSecDD) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECDD
O64 - Services: CurCS - 02/06/2012 - C:\Windows\System32\Drivers\ksecpkg.sys (KSecPkg) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECPKG
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\lltdio.sys (lltdio) .(.Microsoft Corporation - Link-Layer Topology Mapper I/O Driver.) - LEGACY_LLTDIO
O64 - Services: CurCS - 13/07/2009 - C:\Windows\system32\drivers\luafv.sys (luafv) .(.Microsoft Corporation - LUA File Virtualization Filter Driver.) - LEGACY_LUAFV
O64 - Services: CurCS - 04/04/2013 - C:\Windows\system32\drivers\mbam.sys (MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - LEGACY_MBAMPROTECTOR
O64 - Services: CurCS - 21/11/2010 - C:\Windows\system32\drivers\mountmgr.sys (mountmgr) .(.Microsoft Corporation - Mount Point Manager.) - LEGACY_MOUNTMGR
O64 - Services: CurCS - 18/06/2013 - C:\Windows\System32\DRIVERS\MpFilter.sys (MpFilter) .(.Microsoft Corporation - Microsoft antimalware file system filter dr.) - LEGACY_MPFILTER
O64 - Services: CurCS - 13/10/2013 - c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{513B9743-3513-435F-ACD3-F3394DC73E33}\MpKsl62610a28.sys (MpKsl62610a28) .(.Microsoft Corporation - KSLDriver.) - LEGACY_MPKSL62610A28
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\FirewallAPI.dll (mpsdrv) .(.Microsoft Corporation - Windows Firewall API.) - LEGACY_MPSDRV
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\mqac.sys (MQAC) .(.Microsoft Corporation - Message Queuing Device Driver.) - LEGACY_MQAC
O64 - Services: CurCS - 21/11/2010 - C:\Windows\system32\wkssvc.dll (mrxsmb) .(.Microsoft Corporation - Workstation Service DLL.) - LEGACY_MRXSMB
O64 - Services: CurCS - 21/11/2010 - C:\Windows\system32\wkssvc.dll (mrxsmb10) .(.Microsoft Corporation - Workstation Service DLL.) - LEGACY_MRXSMB10
O64 - Services: CurCS - 21/11/2010 - C:\Windows\system32\wkssvc.dll (mrxsmb20) .(.Microsoft Corporation - Workstation Service DLL.) - LEGACY_MRXSMB20
O64 - Services: CurCS - 21/11/2010 - C:\Windows\System32\drivers\msahci.sys (msahci) .(.Microsoft Corporation - MS AHCI 1.0 Standard Driver.) - LEGACY_MSAHCI
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\msisadrv.sys (msisadrv) .(.Microsoft Corporation - ISA Driver.) - LEGACY_MSISADRV
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\mup.sys (Mup) .(.Microsoft Corporation - Multiple UNC Provider Driver.) - LEGACY_MUP
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\nwifi.sys (NativeWifiP) .(.Microsoft Corporation - NativeWiFi Miniport Driver.) - LEGACY_NATIVEWIFIP
O64 - Services: CurCS - 22/08/2012 - C:\Windows\system32\drivers\ndis.sys (NDIS) .(.Microsoft Corporation - NDIS 6.20 driver.) - LEGACY_NDIS
O64 - Services: CurCS - 21/11/2010 - C:\Windows\System32\DRIVERS\ndisuio.sys (Ndisuio) .(.Microsoft Corporation - NDIS User mode I/O driver.) - LEGACY_NDISUIO
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\netbios.sys (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS
O64 - Services: CurCS - 21/11/2010 - C:\Windows\system32\drivers\netbt.sys (NetBT) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT
O64 - Services: CurCS - 18/06/2013 - C:\Windows\System32\DRIVERS\NisDrvWFP.sys (NisDrv) .(.Microsoft Corporation - Microsoft Network Realtime Inspection Drive.) - LEGACY_NISDRV
O64 - Services: CurCS - 01/01/1601 - C:\Windows\System32\drivers\NPF.sys (NPF) .(...) - LEGACY_NPF
O64 - Services: CurCS - 13/07/2009 - C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) .(.Microsoft Corporation - NSI Proxy.) - LEGACY_NSIPROXY
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\pcw.sys (pcw) .(.Microsoft Corporation - Performance Counters for Windows Driver.) - LEGACY_PCW
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\peauth.sys (PEAUTH) .(.Microsoft Corporation - Protected Environment Authentication and Au.) - LEGACY_PEAUTH
O64 - Services: CurCS - 21/11/2010 - C:\Windows\System32\drivers\pacer.sys (Psched) .(.Microsoft Corporation - QoS Packet Scheduler.) - LEGACY_PSCHED
O64 - Services: CurCS - 20/08/2012 - C:\Windows\system32\pwdrvio.sys (pwdrvio) .(...) - LEGACY_PWDRVIO
O64 - Services: CurCS - 20/08/2012 - C:\Windows\system32\pwdspio.sys (pwdspio) .(...) - LEGACY_PWDSPIO
O64 - Services: CurCS - 21/11/2010 - C:\Windows\system32\wkssvc.dll (rdbss) .(.Microsoft Corporation - Workstation Service DLL.) - LEGACY_RDBSS
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) .(.Microsoft Corporation - RDP Encoder Miniport.) - LEGACY_RDPENCDD
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) .(.Microsoft Corporation - RDP Reflector Driver Miniport.) - LEGACY_RDPREFMP
O64 - Services: CurCS - 28/04/2012 - C:\Windows\System32\Drivers\RDPWD.sys (RDPWD) .(.Microsoft Corporation - RDP Terminal Stack Driver.) - LEGACY_RDPWD
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\rspndr.sys (rspndr) .(.Microsoft Corporation - Link-Layer Topology Responder Driver for ND.) - LEGACY_RSPNDR
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 26/06/2013 - C:\Windows\System32\DRIVERS\Sftfslh.sys (Sftfs) .(.Microsoft Corporation - Microsoft Application Virtualization File S.) - LEGACY_SFTFS
O64 - Services: CurCS - 26/06/2013 - C:\Windows\System32\DRIVERS\Sftplaylh.sys (Sftplay) .(.Microsoft Corporation - Microsoft Application Virtualization System.) - LEGACY_SFTPLAY
O64 - Services: CurCS - 26/06/2013 - C:\Windows\System32\DRIVERS\Sftredirlh.sys (Sftredir) .(.Microsoft Corporation - Microsoft Application Virtualization System.) - LEGACY_SFTREDIR
O64 - Services: CurCS - 26/06/2013 - C:\Windows\System32\DRIVERS\Sftvollh.sys (Sftvol) .(.Microsoft Corporation - Microsoft Application Virtualization Volume.) - LEGACY_SFTVOL
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\Drivers\spldr.sys (spldr) .(.Microsoft Corporation - loader for security processor.) - LEGACY_SPLDR
O64 - Services: CurCS - 01/01/1601 - C:\Windows\System32\Drivers\sptd.sys (sptd) .(...) - LEGACY_SPTD
O64 - Services: CurCS - 21/11/2010 - C:\Windows\system32\srvsvc.dll (srv) .(.Microsoft Corporation - Server Service DLL.) - LEGACY_SRV
O64 - Services: CurCS - 21/11/2010 - C:\Windows\system32\srvsvc.dll (srv2) .(.Microsoft Corporation - Server Service DLL.) - LEGACY_SRV2
O64 - Services: CurCS - 18/10/2011 - C:\Windows\System32\DRIVERS\srvnet.sys (srvnet) .(.Microsoft Corporation - Server Network driver.) - LEGACY_SRVNET
O64 - Services: CurCS - 21/11/2010 - C:\Windows\system32\tcpipcfg.dll (Tcpip) .(.Microsoft Corporation - Network Configuration Objects.) - LEGACY_TCPIP
O64 - Services: CurCS - 03/10/2012 - C:\Windows\System32\drivers\tcpipreg.sys (tcpipreg) .(.Microsoft Corporation - TCP/IP Registry Compatibility Driver.) - LEGACY_TCPIPREG
O64 - Services: CurCS - 17/02/2012 - C:\Windows\System32\drivers\tdtcp.sys (TDTCP) .(.Microsoft Corporation - TCP Transport Driver.) - LEGACY_TDTCP
O64 - Services: CurCS - 21/11/2010 - C:\Windows\system32\tcpipcfg.dll (tdx) .(.Microsoft Corporation - Network Configuration Objects.) - LEGACY_TDX
O64 - Services: CurCS - 15/06/2013 - C:\Windows\System32\DRIVERS\tssecsrv.sys (tssecsrv) .(.Microsoft Corporation - TS Security Filter Driver.) - LEGACY_TSSECSRV
O64 - Services: CurCS - 21/11/2010 - C:\Windows\System32\DRIVERS\udfs.sys (udfs) .(.Microsoft Corporation - UDF File System Driver.) - LEGACY_UDFS
O64 - Services: CurCS - 04/07/2013 - C:\Windows\System32\DRIVERS\VBoxDrv.sys (VBoxDrv) .(.Oracle Corporation - VirtualBox Support Driver.) - LEGACY_VBOXDRV
O64 - Services: CurCS - 04/07/2013 - C:\Windows\System32\DRIVERS\VBoxUSBMon.sys (VBoxUSBMon) .(.Oracle Corporation - VirtualBox USB Monitor Driver.) - LEGACY_VBOXUSBMON
O64 - Services: CurCS - 13/07/2009 - C:\Windows\system32\drivers\vga.sys (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE
O64 - Services: CurCS - 21/11/2010 - C:\Windows\system32\drivers\volmgrx.sys (volmgrx) .(.Microsoft Corporation - Volume Manager Extension Driver.) - LEGACY_VOLMGRX
O64 - Services: CurCS - 18/10/2011 - C:\Windows\System32\drivers\volsnap.sys (volsnap) .(.Microsoft Corporation - Volume Shadow Copy Driver.) - LEGACY_VOLSNAP
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\vwififlt.sys (vwififlt) .(.Microsoft Corporation - Virtual WiFi Filter Driver.) - LEGACY_VWIFIFLT
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\rascfg.dll (Wanarpv6) .(.Microsoft Corporation - RAS Configuration Objects.) - LEGACY_WANARPV6
O64 - Services: CurCS - 25/06/2013 - C:\Windows\System32\drivers\Wdf01000.sys (Wdf01000) .(.Microsoft Corporation - Kernel Mode Driver Framework Runtime.) - LEGACY_WDF01000
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\wfplwf.sys (WfpLwf) .(.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - LEGACY_WFPLWF
O64 - Services: CurCS - 26/07/2012 - C:\Windows\System32\drivers\WudfPf.sys (WudfPf) .(.Microsoft Corporation - Windows Driver Foundation - User-mode Drive.) - LEGACY_WUDFPF
~ Legacy: 97 Scanned in 00mn 01s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKCR\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe
~ FASS Keys: 19 Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files (x86)\Safari\Safari.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\bertrand\AppData\Local\Torch\Application\torch.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {2E5116F8-395B-4D67-9039-F1FF13E609C4} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (CKF) (O82)
C:\Program Files (x86)\RAR Password Cracker\example1.rar
C:\Program Files (x86)\RAR Password Cracker\example2.rar
C:\Program Files (x86)\RAR Password Cracker\rpc.exe
C:\Program Files (x86)\RAR Password Cracker\uninstall.exe
C:\Users\bertrand\Desktop\Logiciel\Sony ACID Pro 7.0.641.Keygen__a06568\Sony ACID Pro 7.0.641.Keygen\Sony ACID Pro 7.0.641.Keygen.rar
C:\Users\bertrand\Downloads\Keygen Acid Pro 7.0.rar
~ Files: Scanned in 01mn 05s



---\\ Search Svchost Services (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [72192]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation Service.) -- C:\Windows\System32\certprop.dll [80384]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation Service.) -- C:\Windows\System32\certprop.dll [80384]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\System32\srvsvc.dll [236032]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll [777728]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\ikeext.dll [853504]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\Windows\System32\Audiosrv.dll [679424]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [99328]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [344064]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [97792]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\sens.dll [64512]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [359424]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [316928]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote Connections Manager.) -- C:\Windows\System32\termsrv.dll [680960]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [2428952]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [849920]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [370688]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over an IPv4 network..) -- C:\Windows\System32\iphlpsvc.dll [569344]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\system32\seclogon.dll [30720]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [70144]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\System32\iscsiexe.dll [156672]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\System32\mmcss.dll [67584]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [242688]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\sessenv.dll [121856]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [136704]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [111104]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\System32\schedsvc.dll [1110016]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\System32\kmsvc.dll [90624]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll [84480]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [209920]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\System32\themeservice.dll [44544]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [100864]
~ Services: 32 Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.0BBA35A0C70D3AE92E9D0B1B68DB8438] [SPRF][10/10/2013] (...) -- C:\Users\bertrand\AppData\Local\Temp\CPBA.bat [245]
[MD5.CAAAC014C5C56A69F710B5F1B836DE22] [SPRF][29/08/2013] (.Microsoft Corporation - NT Layer DLL.) -- C:\Users\bertrand\AppData\Local\Temp\ntdll_dump.dll [1732032]
[MD5.6EA18C193AAF14F9EDFF65EED8EFAB2C] [SPRF][09/10/2013] (...) -- C:\Users\bertrand\AppData\Local\Temp\Quarantine.exe [344355]
[MD5.DC88D1CAE23F2150C1B479A2BF3A12A6] [SPRF][16/08/2012] (.3DMGAME - FLiNG@3DMGAME Presents - Darksiders II Up 1 Plus 22 Trainer.) -- C:\Users\bertrand\Desktop\Darksiders II Up 1 Plus 22 Trainer.exe [1179648]
[MD5.FD61B634CBD82AFB7BEED0E16DA5CDB5] [SPRF][20/12/2012] (.SpeedyFox - SpeedyFox program.) -- C:\Users\bertrand\Desktop\speedyfox.exe [586744]
~ Files: 5 Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-OUT-Active" | Out - Domain - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-SSDPSrv-Out-TCP-Active" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-SSDPSrv-In-TCP-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-SSDPSrv-Out-UDP-Active" | Out - Domain - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-SSDPSrv-In-UDP-Active" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-Out-TCP-Active" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Windows Remote Assistance.) -- C:\Windows\system32\msra.exe
O87 - FAEL: "RemoteAssistance-In-TCP-EdgeScope-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Windows Remote Assistance.) -- C:\Windows\system32\msra.exe
O87 - FAEL: "RemoteAssistance-DCOM-In-TCP-NoScope-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-RAServer-Out-TCP-NoScope-Active" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Windows Remote Assistance COM Server.) -- C:\Windows\system32\raserver.exe
O87 - FAEL: "RemoteAssistance-RAServer-In-TCP-NoScope-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Windows Remote Assistance COM Server.) -- C:\Windows\system32\raserver.exe
O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-OUT" | Out - Public - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-In-EdgeScope" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-Out-TCP" | Out - Public - P6 - TRUE | .(.Microsoft Corporation - Windows Remote Assistance.) -- C:\Windows\system32\msra.exe
O87 - FAEL: "RemoteAssistance-In-TCP-EdgeScope" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Windows Remote Assistance.) -- C:\Windows\system32\msra.exe
O87 - FAEL: "RemoteFwAdmin-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteFwAdmin-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteFwAdmin-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteFwAdmin-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteEventLogSvc-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteEventLogSvc-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteEventLogSvc-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteEventLogSvc-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MSDTC-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MSDTC-KTMRM-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MSDTC-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Microsoft Distributed Transaction Coordinator Service.) -- C:\Windows\system32\msdtc.exe
O87 - FAEL: "MSDTC-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Microsoft Distributed Transaction Coordinator Service.) -- C:\Windows\system32\msdtc.exe
O87 - FAEL: "MSDTC-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MSDTC-KTMRM-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MSDTC-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Microsoft Distributed Transaction Coordinator Service.) -- C:\Windows\system32\msdtc.exe
O87 - FAEL: "MSDTC-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Microsoft Distributed Transaction Coordinator Service.) -- C:\Windows\system32\msdtc.exe
O87 - FAEL: "RemoteTask-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteTask-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteTask-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteTask-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteSvcAdmin-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteSvcAdmin-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Services and Controller app.) -- C:\Windows\system32\services.exe
O87 - FAEL: "RemoteSvcAdmin-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteSvcAdmin-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Services and Controller app.) -- C:\Windows\system32\services.exe
O87 - FAEL: "NETDIS-FDRESPUB-WSD-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-FDRESPUB-WSD-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-LLMNR-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-LLMNR-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-FDPHOST-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-FDPHOST-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-UPnP-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-SSDPSrv-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-SSDPSrv-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-FDRESPUB-WSD-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-FDRESPUB-WSD-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-LLMNR-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-LLMNR-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-FDPHOST-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-FDPHOST-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-UPnP-Out-TCP-Active" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-SSDPSrv-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-SSDPSrv-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMI-ASYNC-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) -- C:\Windows\system32\wbem\unsecapp.exe
O87 - FAEL: "WMI-WINMGMT-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMI-WINMGMT-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMI-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMI-ASYNC-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) -- C:\Windows\system32\wbem\unsecapp.exe
O87 - FAEL: "WMI-WINMGMT-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMI-WINMGMT-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMI-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MsiScsi-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MsiScsi-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MsiScsi-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MsiScsi-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "PerfLogsAlerts-DCOM-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "PerfLogsAlerts-PLASrv-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Performance Logs and Alerts DCOM Server.) -- C:\Windows\system32\plasrv.exe
O87 - FAEL: "PerfLogsAlerts-DCOM-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "PerfLogsAlerts-PLASrv-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Performance Logs and Alerts DCOM Server.) -- C:\Windows\system32\plasrv.exe
O87 - FAEL: "CoreNet-GP-LSASS-Out-TCP" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Local Security Authority Process.) -- C:\Windows\system32\lsass.exe
O87 - FAEL: "CoreNet-DNS-Out-UDP" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "CoreNet-GP-Out-TCP" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "CoreNet-IPHTTPS-Out" | Out - None - P6 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "CoreNet-Teredo-Out" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "CoreNet-Teredo-In" | In - None - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "CoreNet-DHCPV6-Out" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "CoreNet-DHCPV6-In" | In - None - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "CoreNet-DHCP-Out" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "CoreNet-DHCP-In" | In - None - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "FPS-LLMNR-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "FPS-LLMNR-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "FPS-SpoolSvc-In-TCP" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Spooler SubSystem App.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "FPS-SpoolSvc-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Spooler SubSystem App.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "Collab-PNRP-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Collab-PNRP-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Collab-PNRP-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Collab-PNRP-In-UDP" | In - None - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Collab-P2PHost-WSD-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - People Near Me.) -- C:\Windows\system32\p2phost.exe
O87 - FAEL: "Collab-P2PHost-WSD-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - People Near Me.) -- C:\Windows\system32\p2phost.exe
O87 - FAEL: "Collab-P2PHost-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - People Near Me.) -- C:\Windows\system32\p2phost.exe
O87 - FAEL: "Collab-P2PHost-In-TCP" | In - None - P6 - TRUE | .(.Microsoft Corporation - People Near Me.) -- C:\Windows\system32\p2phost.exe
O87 - FAEL: "RVM-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RVM-VDSLDR-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Virtual Disk Service Loader.) -- C:\Windows\system32\vdsldr.exe
O87 - FAEL: "RVM-VDS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Virtual Disk Service.) -- C:\Windows\system32\vds.exe
O87 - FAEL: "RVM-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RVM-VDSLDR-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Virtual Disk Service Loader.) -- C:\Windows\system32\vdsldr.exe
O87 - FAEL: "RVM-VDS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Virtual Disk Service.) -- C:\Windows\system32\vds.exe
O87 - FAEL: "PNRPMNRS-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "PNRPMNRS-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "PNRPMNRS-PNRP-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "PNRPMNRS-PNRP-In-UDP" | In - None - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-UPnP-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-Out-UDP" |Out - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-In-UDP" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-WMP-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-WMP-Out-UDP" | Out - Public - P17 - FALSE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-WMP-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-SSDPSrv-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-SSDPSrv-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-Out-UDP" | Out - Public - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-Out-UDP-NoScope" |Out - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-In-UDP-NoScope" |In - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-WMP-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-WMP-Out-UDP-NoScope" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-WMP-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-QWave-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-Out-UDP-NoScope" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMP-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMP-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMP-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "SNMPTRAP-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - SNMP Trap.) -- C:\Windows\system32\snmptrap.exe
O87 - FAEL: "SNMPTRAP-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - SNMP Trap.) -- C:\Windows\system32\snmptrap.exe
O87 - FAEL: "WPDMTP-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) -- C:\Windows\system32\wudfhost.exe
O87 - FAEL: "WPDMTP-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) -- C:\Windows\system32\wudfhost.exe
O87 - FAEL: "WPDMTP-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WPDMTP-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WPDMTP-UPnPHost-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WPDMTP-UPnP-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "{067728B7-8207-4444-9C5C-16924B16B017}" | In - None - P6 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O87 - FAEL: "{07462E69-35AE-46C5-BB86-CE3D2F70015E}" | In - None - P6 - TRUE | .(.Microsoft Corporation - Windows Live Communications Platform.) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
O87 - FAEL: "{64450F0E-B8D9-4562-B997-D23BB7523CB3}" | In - None - P6 - TRUE | .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O87 - FAEL: "{89CBF968-489D-4C0B-9D5D-EC37EF01E027}" | In - None - P6 - TRUE | .(.Microsoft Corporation - Mesh Operating Environment.) -- C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
O87 - FAEL: "{8933F1A2-75CE-4360-9041-D995E1A941BE}" |In - Domain - P6 - TRUE | .(...) -- C:\Windows\system32\ezSharedSvcHost.exe (.not file.)
O87 - FAEL: "{B8D7BC81-6DA3-434F-9AE6-BB4C2C694C1C}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe (.not file.)
O87 - FAEL: "NetPres-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "MCX-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MCX-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MCX-In-TCP" | In - None - P6 - FALSE | .(.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehshell.exe =>.Microsoft Corporation
O87 - FAEL: "MCX-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehshell.exe =>.Microsoft Corporation
O87 - FAEL: "MCX-QWave-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MCX-QWave-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MCX-QWave-In-TCP" | In - None - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MCX-QWave-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MCX-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehshell.exe =>.Microsoft Corporation
O87 - FAEL: "MCX-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehshell.exe =>.Microsoft Corporation
O87 - FAEL: "MCX-MCX2SVC-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MCX-Prov-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - MCX2 Provisioning library.) -- C:\Windows\ehome\mcx2prov.exe
O87 - FAEL: "MCX-PlayTo-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MCX-McrMgr-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Media Center Extender Manager.) -- C:\Windows\ehome\mcrmgr.exe
O87 - FAEL: "MCX-PlayTo-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "MCX-FDPHost-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "{858D43EF-8E7C-418E-B32F-17EF8279D156}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "{31FFC9A5-0147-448C-BD0C-843A4A3E1B4A}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "{A75FB0CE-4F8D-4231-98FE-8FF1766700ED}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "{0F39B5FF-6E45-4100-A01F-57FA53EBEDD0}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "{B78429A9-275D-424E-A350-08DC4676460A}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "{3F4A6B68-3ACD-4858-82E6-65225CB0B98A}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "{2FEFCFA3-2CE1-4A91-9377-C56561BA4D66}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "{0F530A8E-C433-4D32-BED5-5D5BFE399506}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "{DB2486EA-CE6A-4C39-B9DA-9172D38C92D1}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "{1B59970D-D973-46BC-B4CA-DFDB37C3DA1F}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "{714D009A-04C5-42C0-95CF-93E853D10DFB}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "{1326DFE2-B4D8-4E07-85DE-287BDB5A915E}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "{84FB7C0F-0AA8-4F0D-BEF1-BAAE51D705C5}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "{E1B157EE-1F7A-4952-B4FE-886588BA38F2}" |Out - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "{759F3A6B-14D8-44A5-9632-878AEE0C39B9}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "{458E0643-A1AF-421F-B336-C12F0A090629}" |Out - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) =>.Microsoft Corporation
O87 - FAEL: "{1912167F-4F58-4677-AE88-F2BF092E4497}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "{0EFED22C-386C-4B93-BC09-68748972C142}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Spooler SubSystem App.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "{3344ADFF-FE2A-45D9-921C-967B19571786}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "{D10F8589-9690-4586-8FBA-EAF35D9EBA4B}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "{EE983AEC-D3D1-4F07-A1EB-AC43D6396059}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Bonjour\mDNSResponder.exe (.not file.)
O87 - FAEL: "{6724B096-0F2A-41E8-8AF6-9139B6F61D81}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Bonjour\mDNSResponder.exe (.not file.)
O87 - FAEL: "{16767F38-0C02-442A-BCC4-347D61FACFD5}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (.not file.)
O87 - FAEL: "{2E0C6C95-D085-4C04-942F-34FF4C92231F}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (.not file.)
O87 - FAEL: "TCP Query User{E9E29719-4AB7-4830-BE2D-771CC4284F00}C:\users\bertrand\appdata\local\temp\rar$ex64.032\assassin's creed brotherhood\acbsp.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\bertrand\appdata\local\temp\rar$ex64.032\assassin's creed brotherhood\acbsp.exe (.not file.)
O87 - FAEL: "UDP Query User{2A5B6D35-51B3-47B0-A395-7263BDF580A5}C:\users\bertrand\appdata\local\temp\rar$ex64.032\assassin's creed brotherhood\acbsp.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\bertrand\appdata\local\temp\rar$ex64.032\assassin's creed brotherhood\acbsp.exe (.not file.)
O87 - FAEL: "{32697A53-C88D-4306-A174-33BD21C85E39}" | In - Public - P6 - TRUE | .(...) -- C:\Users\bertrand\Downloads\LeagueofLegends.exe
O87 - FAEL: "{21A74C52-DD21-45C7-9973-F91F129A7F2A}" | In - Public - P17 - TRUE | .(...) -- C:\Users\bertrand\Downloads\LeagueofLegends.exe
O87 - FAEL: "{5345E2A7-7404-4F67-B3C2-F7334341E843}" | In - Domain - P6 - FALSE | .(...) -- C:\Users\bertrand\Downloads\LeagueofLegends.exe
O87 - FAEL: "{B0127541-69DF-47FE-8824-E70D428A7194}" | In - Domain - P17 - FALSE | .(...) -- C:\Users\bertrand\Downloads\LeagueofLegends.exe
O87 - FAEL: "{512E2BF1-3C97-4982-B588-C83C80288B25}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{C497BDA9-A305-49EF-9BCA-267C29EF0F80}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{83361A03-5E4C-4440-A5E2-05FE1E1BDA4A}" | In - None - P17 - TRUE | .(.Skype Limited - Facebook Video Calling.) -- C:\Users\bertrand\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
O87 - FAEL: "{71862E49-28DE-4247-BC05-E2705F32CA61}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX11.016\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{F5E6CCB4-D83C-406B-967E-B9A2A8877E4C}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX52.536\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{076E0E56-7E8C-484D-8A82-03A6E5051492}" | In - Private - P6 - TRUE | .(.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\x64\maconfservice.exe
O87 - FAEL: "{0EB71837-9BF5-41E2-8D37-33FC11DA69EE}" | In - Private - P17 - TRUE | .(.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\x64\maconfservice.exe
O87 - FAEL: "{36DE3433-A7F4-4F08-A9AC-4C78A0D265BB}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX93.152\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{6C3A3E7B-3FE0-465E-A857-2C4C87734490}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX67.776\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{28066C0A-C0D8-4EB0-BFAC-91335D099C2B}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX09.352\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{53578C19-C63C-4338-B49F-B71BEEABAE94}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX00.384\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{A3C190AA-561B-415E-81B8-018A7E7F672E}" |In - Private - P6 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (.not file.)
O87 - FAEL: "{FEF31581-E8AC-486F-8B54-4754A1164CC9}" |In - Private - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (.not file.)
O87 - FAEL: "{E0278113-1653-496C-B874-2C872334EB49}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe (.not file.)
O87 - FAEL: "TCP Query User{445B8B2D-824C-484A-B306-D7314DF101DE}C:\games\world_of_tanks\worldoftanks.exe" | In - Public - P6 - TRUE | .(.Wargaming.net - World of Tanks.) -- C:\games\world_of_tanks\worldoftanks.exe
O87 - FAEL: "UDP Query User{FAD69256-FD7B-4932-A698-1C1D0D07AA16}C:\games\world_of_tanks\worldoftanks.exe" | In - Public - P17 - TRUE | .(.Wargaming.net - World of Tanks.) -- C:\games\world_of_tanks\worldoftanks.exe
O87 - FAEL: "{9466ED93-7C8C-419A-9CBB-8BB856558F94}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX56.224\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{DC2A475F-6B54-4F92-A8B8-8F25243531E0}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX54.240\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{F35BF724-9A8E-4129-8B61-BCC6F526F172}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX28.944\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{F87EEF58-5A2D-449C-8F6C-5DDCD25277B3}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe (.not file.)
O87 - FAEL: "{1C45AF46-6738-4473-B4DB-38A452AB626D}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe (.not file.)
O87 - FAEL: "{903F73FC-5A6E-4675-8F2C-6709D084DF0E}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX61.352\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{2BE795F0-3FA0-4073-A06D-EDA73DC2051F}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles
O87 - FAEL: "{EB572691-35AA-4B37-8750-E16701137204}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles
O87 - FAEL: "{77BBF850-4008-4550-BEF4-C814E878DD56}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles
O87 - FAEL: "{7C33DEA1-14CE-4F53-8758-D89BC439E407}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles
O87 - FAEL: "{26F74085-DF96-4F8C-9DEB-DF9F42255897}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX24.544\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{83D685AA-96BF-4BB6-B3BB-C4A5229CD48C}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX71.696\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{AAB66AE3-7C9C-4DA1-ACFD-BF222CD0AFBF}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX72.184\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{A889C48F-26B1-4B34-9C8A-1A31F3F8DD0E}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX57.744\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{C7A40817-D9AD-4B36-B201-7A35F4CE6508}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX94.968\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{C484B0A5-CDD7-4287-81C8-B9F41A77CAF5}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX08.544\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{BFACFFBD-187B-4D3F-BAD1-3288F6DF146A}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX14.256\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{CBA89A3E-0CCB-4A88-A33D-99D3E8F52A80}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX93.816\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{4D58C6E4-68AF-42AE-A60C-67A2C1C0B958}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX59.240\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{3B00E187-288D-4786-B360-75E48166E8DB}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX82.352\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{CE16C3E6-AAA1-4DE0-BABB-B85DAD7D16DA}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX01.528\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{5C7DEF05-79C6-4C48-8A9F-C73BF8AA77FB}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX14.544\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{F3E132D3-5441-405C-9057-61EFF20866EB}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX40.696\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{98607775-081C-4C18-B523-3220E3CA205D}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX88.000\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{3C7F4820-23DD-4759-9F4F-31902CFB8629}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX12.128\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{00FAF6E7-35FC-4E17-A2C3-3CDD9FB74466}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX09.984\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{C818D459-5F3D-4A0E-B6E4-06109AF3F57A}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX79.912\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{F05BB7AB-8080-4FE6-96DD-B75C1A1F19BC}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX93.912\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{C4D1AFE9-A11B-4CDA-8FDB-A5E8211E0B06}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX56.616\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{661DD5EB-B151-4009-9595-6277897EE0EB}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX12.360\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{646781FF-6158-43FB-8F80-D89BAD585B1A}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX59.824\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{EE331D2E-98B9-4C07-BC02-F61CBF7064E6}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX14.824\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{14C517DF-3DC4-4F6B-BFD4-A9537E256664}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX25.528\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{08D903F2-AA3C-4B67-871C-D5553E1D2EE2}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX54.640\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{204CFC2B-0B3B-4108-B29D-911377E70FD5}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX15.640\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{234175A3-7706-4CB7-8533-6A9366199EAF}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX84.080\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{C3D4291B-8121-4C86-938B-4EE6E86934BE}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX13.512\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "TCP Query User{F8462850-37D0-4675-8A69-470FA503E6C4}C:\games\world_of_tanks\wotlauncher.exe" | In - Public - P6 - TRUE | .(.Wargaming.net - World of Tanks Launcher.) -- C:\games\world_of_tanks\wotlauncher.exe
O87 - FAEL: "UDP Query User{D4B495C2-D0AA-4446-A406-67B0D715B4E9}C:\games\world_of_tanks\wotlauncher.exe" | In - Public - P17 - TRUE | .(.Wargaming.net - World of Tanks Launcher.) -- C:\games\world_of_tanks\wotlauncher.exe
O87 - FAEL: "{4974573A-D3BC-4BA2-8289-C91EF24592E3}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX56.512\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{BB57D50C-0115-4F6F-B166-9EBCAC243025}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX21.248\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{FC8B7136-AFF5-451D-83AB-5EDBD11FE87F}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX89.984\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{42E50006-0FD9-4F06-924B-4E2F8D3C4469}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX53.136\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{0950837F-82A6-43B6-8D5C-13A6A11887FE}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX10.416\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{A3FA96D6-4EFA-43BD-9CEC-3E7EBE321C95}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX17.672\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{5FEFB418-7C18-4664-9352-48588ED845C7}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX45.600\FrozenWay 1.6.1\FrozenWay.exe (.not file.)
O87 - FAEL: "{7B1626DC-7FAB-4D3D-B19E-5564E5AC6217}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX11.592\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{3A9765AB-36B3-44BA-9C95-5CD51D999828}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX51.320\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{B28ED1EA-9ED0-4B22-8AD0-2988E65CC57D}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX22.192\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{9858B37F-79C4-4E0E-A64E-760C713739BB}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
O87 - FAEL: "{34255E90-B16A-410A-A992-1D9D8ADCF319}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (.not file.) =>Adware.RelevantKnowledge
O87 - FAEL: "MSMQ-In-TCP" | In - None - P6 - TRUE | .(.Microsoft Corporation - Message Queuing Service.) -- C:\Windows\system32\mqsvc.exe
O87 - FAEL: "MSMQ-Out-TCP" | Out - None - P6 - TRUE | .(.Microsoft Corporation - Message Queuing Service.) -- C:\Windows\system32\mqsvc.exe
O87 - FAEL: "MSMQ-In-UDP" | In - None - P17 - TRUE | .(.Microsoft Corporation - Message Queuing Service.) -- C:\Windows\system32\mqsvc.exe
O87 - FAEL: "MSMQ-Out-UDP" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Message Queuing Service.) -- C:\Windows\system32\mqsvc.exe
O87 - FAEL: "{72867BDD-CBED-4B0C-AA29-2D01A2450178}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX10.864\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{422595D2-91CC-46AE-946E-9BC4734E4193}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX04.288\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{A3DDD52B-B802-4842-9139-24945D9AA1A7}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX28.048\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{23C745D5-92C9-4741-8D62-1AB22BD2E4AE}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX19.480\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{EE98717D-98E2-41BC-BD26-81FB1D49933B}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX52.064\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{B861ACBD-859A-462A-8CBB-8FDADE558AF1}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX64.896\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{9DEF58CC-AB47-42DE-8C39-09FBF3CF955E}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX04.504\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{FA7C2EA4-6E81-415D-8850-A21E93E11B5F}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX33.800\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{5B2AF4D4-20AA-4E18-944C-BA59BFEAC273}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX19.648\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{2B1BA7A5-080F-45D4-BCE6-EE4F5E32C28C}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX26.616\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{EEE5404E-4AF6-417F-843D-C90D1F2CA950}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX75.728\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{0B3A59ED-340D-44F3-A993-EB0B5D88814A}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX82.600\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{991ED603-0004-4DF8-8B1C-54FC53611EC7}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX66.600\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{9C9B2C6E-DF3C-48FB-B7CE-1E9AACC753C4}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX72.600\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{DE217339-F210-42F3-B1A8-811EFE4089F1}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX34.744\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{726F3171-C703-4FF0-87AB-76A8D663F2D8}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX00.624\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{99639B6B-E752-4D28-8074-142EADFCC53F}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX89.688\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{7DE319BB-3B29-4763-85A5-CA93DB285E5B}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX56.376\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{388850A0-3700-4367-A896-627FBEDC1314}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX13.512\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{6559B2F1-B72C-4BBF-9D22-E6489BA1FF8D}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX30.728\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{2F1C3224-4D5B-4E1B-AF34-EBC992909E49}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX36.200\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{D27D7992-0087-4EDC-8CEF-67632B30A494}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX99.904\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{7F30E3F4-BEF1-4652-8E3B-0499999213D4}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX64.256\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{B34018F2-BAEF-4BA5-B997-2DF303191CEC}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX46.248\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{07911567-E4AF-4CDF-97C6-509A7EB403FB}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX24.248\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{8C8A994B-9410-4CF4-8503-3BF6B665BF8C}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX09.432\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{7BE5CBA8-742A-4676-A2A0-9B31242F62F1}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX78.496\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{2C0316DF-BD98-4D5B-A275-5FF4CD21654E}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX54.232\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{45272AE3-A9CB-4D59-AB9E-71302E280478}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX02.912\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{A5E0DD03-16DA-4ED9-81A5-140D5EC43E89}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX32.096\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{599ABF58-9509-402B-BC64-7EF5A84C21B8}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX46.968\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{5B14DA83-8FB4-499E-B753-ACC86311668C}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX92.384\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{CF6D9CC3-5333-4682-B668-70A983478141}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX29.872\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{E2DB4804-6FF6-48A9-8B97-CDD7474AA3AD}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX88.592\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{F51BF38A-BCEE-41BA-9A52-69B39C5BEE5A}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX04.120\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{A0BBDB94-631B-4CE6-9F7F-C91FBB4CFFE8}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX45.496\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{3590279A-E320-406C-BEA3-90A3D244381C}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX20.472\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{14987D28-1AC7-4801-82CD-B56C14C2041B}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX75.472\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{64FDDE9D-5983-4FE2-BB22-37427EBB9C32}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX25.872\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{E612863B-5494-4EE0-B351-43655A46B404}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX79.920\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{C07DC462-00FB-4179-AD4B-F80B5DE8EF0F}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX08.608\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{C3E93041-EA96-483D-A1EA-DE8F2418346C}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX39.984\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{74B2F63A-9EEC-48B7-A92D-BFA0B3AFF34F}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX54.456\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{A9DBFEF1-E2B6-4E78-B8E9-2E2427FECE8E}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX71.592\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{365E9FE2-BD92-4E49-AA6F-20A9EB15F935}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX50.408\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{CE423650-5AD7-4362-AC89-76FB50CB4D15}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX45.208\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{4600E283-0122-4F74-956E-037731FEC82B}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX65.784\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{E86D66F2-591A-4A7E-936F-BD1FD06B8BE7}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX30.088\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{A20CF8F8-1BF1-4A89-B003-B869B5551F11}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX16.952\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{09DED43D-F979-43FC-9177-21F65D5844C2}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX35.376\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{C2229AE6-20F1-4808-99EF-6C15D4D6434C}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX07.552\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{DEFA097D-1C58-4749-8131-A5F09BCF2F56}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX47.960\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{389AA702-4675-4696-B2FC-451EC1F76DE2}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX95.608\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{B1861807-90F0-4256-B795-D483E20F1C06}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX76.120\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{0059466F-84F0-461D-A637-D5C648C2D9C5}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX50.328\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{91D745E8-51B8-453D-873C-6CF2EAA1C208}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX86.128\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{F0B84A3D-67DD-40E3-8C23-F9A586075026}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX04.856\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{E05E7967-FC66-4F2F-ACF6-9F596CC714D6}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX07.376\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{0F0C133C-BC8D-4CA1-BC62-E1DD592A7A84}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX92.376\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{DDDEE03F-1F76-40AC-A495-BA09C4205291}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX29.920\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{D948090E-4D98-433A-8EE4-1DB7AD7E0BA7}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX25.296\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{DFE1398F-BB60-42F2-93B3-951D2D527265}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX70.176\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{C784EEBC-4BE2-4146-AD6D-5EA6A3E59AFB}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX29.400\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{4BA35040-C759-4335-A181-483AE782E2F0}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX92.992\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{B2C65D78-D423-4707-B5B5-2D3F05F47D49}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX12.736\FrozenWay 1.6.2\FrozenWay.exe (.not file.)
O87 - FAEL: "{14EE1D21-1BCC-417B-96C7-00A4F5E46E4D}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX96.496\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{434BFB14-51C9-421E-B0FC-777EC12D9F7E}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX09.712\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{FB0C9034-CBCA-41A3-821D-D39174A39578}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX20.616\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{841D543E-9175-49C9-8BD8-672FCA188F7D}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX83.648\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{994BAE4A-4236-45F1-8644-84C9490827A4}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX97.800\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{A96B168C-600E-4B80-9942-0E50A6E64910}" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "{01A26EFF-039B-4B72-BB4F-DD532679C082}" | Out - Public - P17 - TRUE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "{4C0DCBEB-5261-4247-8E79-C760F5B887A0}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX23.576\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{1375B4C2-23BC-4D1A-9C35-F77DAA642F92}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX78.832\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{CF9CBEA0-EBEB-4813-90C7-F782C00C8312}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX28.192\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{3775E8E9-64B8-4B65-9A8C-BA4D6447C3C0}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX06.416\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{CE80A63B-8112-4AB9-9733-C2E8A35D2365}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX38.424\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{664EE83B-C992-4A9A-B56F-F6374FC3FB65}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX32.040\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{D82F1E45-B74A-4E5B-8D34-DD8292D5D9D2}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX89.024\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{4724C654-CFDF-44B9-9050-A39DA5DE7A9A}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX68.408\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{14C29A5A-2DFB-4959-BC6B-E3A5DBEFA6BB}" |In - Public - P6 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (.not file.)
O87 - FAEL: "{C74D6FF0-821E-4199-8F7B-3F2A605DF3BC}" |In - Public - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (.not file.)
O87 - FAEL: "{5B2B4322-80FD-493C-A2A2-23CF1EF86208}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX32.392\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{0B60913C-807A-4664-B1BA-B39C335882BC}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX02.624\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{64DCA033-6899-49FC-91DB-D7CEC66F4AF1}" | In - Public - P6 - TRUE | .(.Valve Corporation - Steam Client Bootstrapper (buildbot_winslave04_steam_steam_rel_client_win.) -- C:\Program Files (x86)\Steam\Steam.exe
O87 - FAEL: "{F0553EFB-205B-4CE7-8489-EA7331D68AEE}" | In - Public - P17 - TRUE | .(.Valve Corporation - Steam Client Bootstrapper (buildbot_winslave04_steam_steam_rel_client_win.) -- C:\Program Files (x86)\Steam\Steam.exe
O87 - FAEL: "{3C8B0A53-3A2D-4D3B-B6C2-DE7B23313B0D}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Cracked Steam\Steam.exe (.not file.)
O87 - FAEL: "{B1BF4B0D-49C4-44A6-8625-796D3B3E354E}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Cracked Steam\Steam.exe (.not file.)
O87 - FAEL: "{508C15C6-CE49-4793-A96E-5B158159092B}" | In - Private - P6 - TRUE | .(.Valve Corporation - Steam Client Bootstrapper (buildbot_winslave04_steam_steam_rel_client_win.) -- C:\Program Files (x86)\Steam\Steam.exe
O87 - FAEL: "{9E54D77C-C181-42C1-90E9-8D3964260A5A}" | In - Private - P17 - TRUE | .(.Valve Corporation - Steam Client Bootstrapper (buildbot_winslave04_steam_steam_rel_client_win.) -- C:\Program Files (x86)\Steam\Steam.exe
O87 - FAEL: "{FC7FB00A-5090-4B1A-AACC-66CDA515AF45}" | In - Private - P6 - TRUE | .(.Valve Corporation - Steam Client Service (buildbot_winslave01_steam_rel_client_win32@winslave.) -- C:\Program Files (x86)\Steam\bin\SteamService.exe
O87 - FAEL: "{74AB7139-AB54-47C4-A087-D8B422E4306D}" | In - Private - P17 - TRUE | .(.Valve Corporation - Steam Client Service (buildbot_winslave01_steam_rel_client_win32@winslave.) -- C:\Program Files (x86)\Steam\bin\SteamService.exe
O87 - FAEL: "{C2986BD1-9A1B-4096-A6D6-B36492D208FD}" | In - Domain - P6 - FALSE | .(.Valve Corporation - Steam Client Service (buildbot_winslave01_steam_rel_client_win32@winslave.) -- C:\Program Files (x86)\Steam\bin\SteamService.exe
O87 - FAEL: "{516132F9-33F9-496F-B691-32E092ECD1E6}" | In - Domain - P17 - FALSE | .(.Valve Corporation - Steam Client Service (buildbot_winslave01_steam_rel_client_win32@winslave.) -- C:\Program Files (x86)\Steam\bin\SteamService.exe
O87 - FAEL: "{45710793-E08C-49BB-AA74-80FEA97D8D5B}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX65.864\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{9325008B-2067-45DA-B902-23DAA7B60E9D}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX88.768\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{397740D5-8EE1-4459-9D30-9EFAD2DC1351}" |In - None - P17 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX20.048\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{2120E63A-36C6-4E40-87DC-16B25E290050}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\bertrand\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{AA08531D-621C-48B3-A6B9-2FF9EFC360D4}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\bertrand\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{BAFDF15D-1F02-4E6D-B2C7-F3386ADE2DEE}" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Microsoft SharePoint Workspace.) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.exe
O87 - FAEL: "{F23559DF-BA30-4D50-8056-4A056484507A}" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Microsoft SharePoint Workspace.) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.exe
O87 - FAEL: "{14AE847A-4555-40A8-A368-5CEF189291E3}" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Microsoft OneNote.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.exe =>.Microsoft Corporation
O87 - FAEL: "{DE8F809E-8EEF-4139-BC0C-5938CF65206C}" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Microsoft OneNote.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.exe =>.Microsoft Corporation
O87 - FAEL: "{FD9AD765-90B3-433E-9C08-F66D4A13C3AD}" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files (x86)\Microsoft Office\Office14\outlook.exe
O87 - FAEL: "{FCFD7A4B-B3B1-455A-B4EF-F618A4AB76F9}" | In - None - P6 - FALSE | .(.Microsoft Corporation - SMSvcHost.exe.) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
O87 - FAEL: "{8E72B6AC-C062-486C-9375-99BF77455EAE}" |In - None - P6 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX33.224\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{2C912730-21DB-46BF-BF40-5EED62014D65}" |In - None - P6 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX29.472\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{DE5E2ADC-15C0-4648-907C-8A7B80DBCD82}" |In - None - P6 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX03.056\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{195836C3-627D-438A-ABE7-1FE163DC487F}" |In - None - P6 - TRUE | .(...) -- C:\Users\bertrand\AppData\Local\Temp\Rar$EX46.000\FrozenWay 1.6.3\FrozenWay.exe (.not file.)
O87 - FAEL: "{7C7E816B-B381-487A-AE56-29713CB7CB8D}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\BitLord 2\Bitlord files\bitlord.exe (.not file.) =>Adware.WhenUSave
O87 - FAEL: "{864B264A-BD67-491F-9718-7C8734799DE7}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\BitLord 2\Bitlord files\bitlord.exe (.not file.) =>Adware.WhenUSave
O87 - FAEL: "{DDD74951-1E81-411E-A453-54BB38D5AB33}" | In - Public - P6 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
O87 - FAEL: "{E2E7BE39-0EF9-45DF-9223-8F86EBC7E6D6}" | In - Public - P17 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
O87 - FAEL: "{A8D33C01-7AE2-4936-86C9-A49E81C70DEF}" | In - Public - P6 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O87 - FAEL: "{5B6AEFBD-8DC0-4F7F-B966-506B26B740E0}" | In - Public - P17 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O87 - FAEL: "{49D98F65-1999-4962-A02D-82899452201D}" | In - Private - P6 - TRUE | .(.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O87 - FAEL: "{61470796-53B5-4174-A132-6EC539F19AB3}" | In - Private - P17 - TRUE | .(.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O87 - FAEL: "{3E9E4BFA-30BD-4F31-A40E-5DED0243AB90}" | In - Domain - P6 - FALSE | .(.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O87 - FAEL: "{C41609F5-9E5C-46D7-A622-CD6174A2DA20}" | In - Domain - P17 - FALSE | .(.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O87 - FAEL: "TCP Query User{132F3B55-77DD-46A9-A66E-F3029460A573}C:\users\bertrand\appdata\local\temp\rar$ex27.032\assassin's creed brotherhood\acbsp.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\bertrand\appdata\local\temp\rar$ex27.032\assassin's creed brotherhood\acbsp.exe (.not file.)
O87 - FAEL: "UDP Query User{0B9E73B3-C1B1-4D33-A0D3-DD8E3B552338}C:\users\bertrand\appdata\local\temp\rar$ex27.032\assassin's creed brotherhood\acbsp.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\bertrand\appdata\local\temp\rar$ex27.032\assassin's creed brotherhood\acbsp.exe (.not file.)
O87 - FAEL: "{27F43881-5D3F-4F60-82B9-97331228B187}" | In - Private - P6 - TRUE | .(.www.mipony.net - Mipony.) -- C:\Program Files (x86)\MiPony\MiPony.exe
O87 - FAEL: "{EC27CE94-81EC-4DC6-A76C-5B83011FB151}" | In - Private - P17 - TRUE | .(.www.mipony.net - Mipony.) -- C:\Program Files (x86)\MiPony\MiPony.exe
O87 - FAEL: "{4FB30F82-624D-4D98-9B2C-134E72C55230}" | In - Domain - P6 - FALSE | .(.www.mipony.net - Mipony.) -- C:\Program Files (x86)\MiPony\MiPony.exe
O87 - FAEL: "{13911FC7-FD44-4603-BA68-92EE257E0E3F}" | In - Domain - P17 - FALSE | .(.www.mipony.net - Mipony.) -- C:\Program Files (x86)\MiPony\MiPony.exe
~ Firewall: 399 Scanned in 00mn 04s



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "00004159070000000000000000F01FEC" . (.Microsoft Office 2010.) -- C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe
O90 - PUC: "0694AF70830BBE9498B1F95939A05A44" . (.HP Customer Experience Enhancements.) -- C:\Windows\Installer\{07FA4960-B038-49EB-891B-9F95930AA544}\ARPPRODUCTICON.exe
O90 - PUC: "076CFAAAB965F2A4284B2449E5D03EFE" . (.Windows Live Writer.) -- C:\Windows\Installer\{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}\ApplicationIcon.ico
O90 - PUC: "078F369757562E114A9D0FD42AA3C585" . (.Vegas Pro 12.0 (64-bit).) -- C:\Windows\Installer\{7963F870-6575-11E2-A4D9-F04DA23A5C58}\vegas.ico
O90 - PUC: "0C7EC0FA4E3A37D489B82B1978CEE6A9" . (.QuickTime.) -- C:\Windows\Installer\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}\Installer.ico
O90 - PUC: "0C8037F5FF65A5143BC4449AA098A259" . (.Catalyst Control Center - Branding.) -- C:\Windows\Installer\{5F7308C0-56FF-415A-B34C-44A90A892A95}\ARPPRODUCTICON.exe
O90 - PUC: "1038C85769625584FA5435B4210089A0" . (.Samsung Kies.) -- C:\Windows\Installer\{758C8301-2696-4855-AF45-534B1200980A}\ARPPRODUCTICON.exe
O90 - PUC: "11F12B5E3396B0E42AC597363E0CD711" . (.Windows Live Messenger.) -- C:\Windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe
O90 - PUC: "1800819049C276A4E85548380C917C2D" . (.Microsoft Encarta 2009 - Collection.) -- C:\Windows\Installer\{09180081-2C94-4A67-8E55-8483C019C7D2}\ENC.ICO
O90 - PUC: "1D034B0FAA6BD374B960AAD30DF10D8B" . (.Microsoft SQL Server 2005 Compact Edition [ENU].) -- C:\Windows\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}\ProductIcon
O90 - PUC: "28494330FE17131088041AFF460C8380" . (.AMD Drag and Drop Transcoding.) -- C:\Windows\Installer\{03349482-71EF-0131-8840-A1FF64C03808}\ARPPRODUCTICON.exe
O90 - PUC: "2C1A65825C073CE4FA7F5E5BE155032A" . (.HP Client Services.) -- C:\Windows\Installer\{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}\ARPPRODUCTICON.exe
O90 - PUC: "46B5A9879DD95AB419A50FCFA0B1B7EF" . (.Apple Software Update.) -- C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\Installer.ico =>.Apple Inc
O90 - PUC: "46E5DCBD973784644944A85685CD6B41" . (.HP Recovery Manager.) -- C:\Windows\Installer\{DBCD5E64-7379-4648-9444-8A6558DCB614}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "590539404FED744FC2313A9C781C04A7" . (.AMD VISION Engine Control Center.) -- C:\Windows\Installer\{04935095-DEF4-F447-2C13-A3C987C1407A}\ARPPRODUCTICON.exe
O90 - PUC: "613623D632CACE005D18DF33371FEC71" . (.AMD Catalyst Install Manager.) -- C:\Windows\Installer\{6D326316-AC23-00EC-D581-FD3373F1CE17}\ARPPRODUCTICON.exe
O90 - PUC: "68AB67CA7DA7FFFFB744AA0000000010" . (.Adobe Reader X (10.1.8) MUI.) -- C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\SC_Reader.ico
O90 - PUC: "701043F6AA9F6C745BC43C1AF91155F3" . (.Hewlett-Packard ACLM.NET v1.1.2.0.) -- C:\Windows\Installer\{6F340107-F9AA-47C6-B54C-C3A19F11553F}\ARPPRODUCTICON.exe
O90 - PUC: "7692FC6BE18C0C0489510C7547EF1F02" . (.Skype Click to Call.) -- C:\Windows\Installer\{B6CF2967-C81E-40C0-9815-C05774FEF120}\IconUninstallIco
O90 - PUC: "7B65D4CC81F6B0747843BADC57CB4F1F" . (.HP Auto.) -- C:\Windows\Installer\{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}\ARPPRODUCTICON.exe
O90 - PUC: "7B6CCF935FFF57045A8E5BECDB453C13" . (.HP Documentation.) -- C:\Windows\Installer\{39FCC6B7-FFF5-4075-A5E8-B5CEBD54C331}\NotebookDocs.exe
O90 - PUC: "7C43C21609E58D74B9C5F017D78D7262" . (.swMSM.) -- C:\Windows\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\ARPPRODUCTICON.exe
O90 - PUC: "883658EADAFA357418FD9DB6910D1AC7" . (.Compaq Setup Manager.) -- C:\Windows\Installer\{AE856388-AFAD-4753-81DF-D96B19D0A17C}\ARPPRODUCTICON.exe
O90 - PUC: "8994BF104C33134458DE70E9E3FE7ED5" . (.YouCam.) -- C:\Windows\Installer\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\ARPPRODUCTICON.exe
O90 - PUC: "8D4D77630E5ECF948BE66045C10FB0EB" . (.opensource.) -- C:\Windows\Installer\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}\ARPPRODUCTICON.exe
O90 - PUC: "8EC9BCAF4555FD6945E7D3CECB07CCD0" . (.Catalyst Control Center Localization All.) -- C:\Windows\Installer\{FACB9CE8-5554-96DF-547E-3DECBC70CC0D}\ARPPRODUCTICON.exe
O90 - PUC: "A8A7A93D9854373E59A9B22E5BDF9C50" . (.Catalyst Control Center InstallProxy.) -- C:\Windows\Installer\{D39A7A8A-4589-E373-959A-2BE2B5FDC905}\ARPPRODUCTICON.exe
O90 - PUC: "B846977CE014ABB47BB58551CBFE7ED1" . (.Safari.) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\Installer.ico
O90 - PUC: "BAE2CF786E7B40D4EBA66433F037167C" . (.MySQL Server 5.1.) -- C:\Windows\Installer\{87FC2EAB-B7E6-4D04-BE6A-46330F7361C7}\MySQLServer.exe
O90 - PUC: "BF85DF6A3DE0A5B8837B33D26039EC24" . (.AMD Media Foundation Decoders.) -- C:\Windows\Installer\{A6FD58FB-0ED3-8B5A-38B7-332D0693CE42}\ARPPRODUCTICON.exe
O90 - PUC: "C0A3CA27644CC752F0440B82C0817AF2" . (.AMD Accelerated Video Transcoding.) -- C:\Windows\Installer\{72AC3A0C-C446-257C-0F44-B0280C18A72F}\ARPPRODUCTICON.exe
O90 - PUC: "C953167FDEC9EA54A915D96650DC554C" . (.Evernote v. 4.2.3.) -- C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico
O90 - PUC: "CDDFC5B4A07042A4BB2042840E73F5E8" . (.Ma-Config.com (64 bits).) -- C:\Windows\Installer\{4B5CFDDC-070A-4A24-BB02-2448E0375F8E}\maconfico
O90 - PUC: "CE328C561080748CE025479EAD0CEE1D" . (.ccc-utility64.) -- C:\Windows\Installer\{65C823EC-0801-C847-0E52-74E9DAC0EED1}\ARPPRODUCTICON.exe
O90 - PUC: "D276F30548C6A844F8F8B43CA58C4314" . (.AMD APP SDK Runtime.) -- C:\Windows\Installer\{503F672D-6C84-448A-8F8F-4BC35AC83441}\ARPPRODUCTICON.exe
O90 - PUC: "D4443CC4972738E489F4819E7A2B8E30" . (.Oracle VM VirtualBox 4.2.16.) -- C:\Windows\Installer\{4CC3444D-7279-4E83-984F-18E9A7B2E803}\IconVirtualBox
O90 - PUC: "D7314F9862C648A4DB8BE2A5B47BE100" . (.Microsoft Silverlight.) -- c:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ARPIcon
O90 - PUC: "E1445AFB6E7B5F641AD5B14707A79EA3" . (.ACID Pro 7.0.) -- C:\Windows\Installer\{BFA5441E-B7E6-46F5-A15D-1B74707AE93A}\acid70.ico
O90 - PUC: "E7FF67E4ABEA78C47B88DC745E24B5D9" . (.Skype™ 6.6.) -- C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
O90 - PUC: "EDE8C96D5CBBB634E8E05C6A3D11FCF4" . (.Microsoft XNA Framework Redistributable 4.0 Refresh.) -- C:\Windows\Installer\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}\ProductIcon
O90 - PUC: "F9DD3C2868CD92F166D7F2F4DA5A1BEF" . (.AMD Fuel.) -- C:\Windows\Installer\{82C3DD9F-DC86-1F29-667D-2F4FADA5B1FE}\ARPPRODUCTICON.exe
O90 - PUC: "FA9D7E5F6F0603A4783EE49AD423C21E" . (.HP Setup.) -- C:\Windows\Installer\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}\ARPPRODUCTICON.exe
~ Update Products: 162 Scanned in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.669054842BD4BC0694D0369429905BE6] [WIS][13/03/2009] (.Pictures Digital Inc. - ACID Pro 7.0.) -- C:\Windows\Installer\16540f06.msi [14712320]
[MD5.D2F34AF196CCAF29A124324392FC3DFF] [WIS][29/06/2013] (.Valve Corporation - Steam.) -- C:\Windows\Installer\1720ed4e.msi [8532992]
[MD5.45FB01B69A347EF163D28724B8778A66] [WIS][23/05/2013] (.MySQL AB - MySQL Database Server.) -- C:\Windows\Installer\17ec3.msi [87075328]
[MD5.60685613DC0023FB6D67BF7F903549E1] [WIS][16/09/2013] (.Skype Technologies S.A. - Skype Click to Call.) -- C:\Windows\Installer\29377318.msi [10571776]
[MD5.195E41C289B96DF9075FA2A181313542] [WIS][15/12/2012] (.TechSmith Corporation - Camtasia Studio.) -- C:\Windows\Installer\690f8f4.msi [200297472]
[MD5.691A2530C8F485E0BB4D92A40B0E2EA4] [WIS][09/10/2012] (.Stardock Corporation - IconPackager Setup.) -- C:\Windows\Installer\cf1443.msi [366592]
[MD5.73122534D527893BDEFD1F707FFB34F6] [WIS][06/09/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\f2cc8aa.msi [21803008]
~ WIS: 163 Scanned in 00mn 30s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 09/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 18/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SS - | Disabled 10/07/1658 0 | (AIPS) . (...) - C:\Program Files (x86)\netcut\services\AIPS.exe
SR - | Auto 15/08/2012 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 15/08/2012 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SS - | Auto 08/10/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 08/10/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2011 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 10/07/1658 0 | (HP Support Assistant Service) . (...) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 11/10/2010 346168 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SS - | Demand 10/07/1658 0 | (hpqwmiex) . (...) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 07/04/2010 127800 | (HPSIService) . (.HP.) - C:\Windows\system32\HPSIsvc.exe
SR - | Auto 29/05/2012 2445968 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SS - | Demand 28/10/2012 427976 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe
SS - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SS - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 30/09/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 23/05/2013 9260 | (MySQL) . (...) - C:\Program Files (x86)\MySQL\MySQL Server 5.1\my.ini
SS - | Demand 10/07/1658 0 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des
SR - | Auto 16/09/2013 3273088 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 25/02/2013 543144 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 31/08/2012 2754984 | (TeamViewer7) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 31s



---\\ Search Master Boot Record Infection (MBR)(O80)
Run by bertrand at 13/10/2013 15:24:58
~ OS 64 not supported by MBR tool
~ MBR: 0 Scanned in 00mn 00s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by bertrand at 13/10/2013 15:25:00

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 12946 - (12/10/2013)
Clés trouvées (Keys found) : 11
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 3

[HKLM\Software\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb] =>Toolbar.Babylon^
[HKLM\Software\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh] =>Adware.WebCake^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BitLord] =>Adware.WhenUSave^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\NTRedirect] =>Hijacker.BabSolution^
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\Interface\{db885111-f39f-4d88-9ee5-c88460b6df7b}] =>Adware.Agent
[HKLM\Software\Wow6432Node\Classes\Interface\{db885111-f39f-4d88-9ee5-c88460b6df7b}] =>Adware.Agent
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bitlord] =>Adware.WhenUSave
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211771193}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110211771193}] =>PUP.CrossRider
C:\Users\bertrand\AppData\Local\MediaGet2 =>PUP.MediaGet^
C:\Program Files (x86)\FK_Monitor =>Keylogger.FreeKeylogger
C:\Users\bertrand\AppData\Roaming\FK_Monitor =>Keylogger.FreeKeylogger
C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb =>Toolbar.Babylon^
C:\Users\bertrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh =>Adware.WebCake^
C:\Users\bertrand\AppData\Roaming\bitlord_log.txt =>Adware.WhenUSave^
~ Additionnel Scan: 355747 Items scanned in 00mn 54s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/27285539-adware-webcake =>Adware.WebCake
~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
~ http://nicolascoolman.webs.com/apps/blog/show/27456165-adware-relevantknowledge =>Adware.RelevantKnowledge
~ http://nicolascoolman.webs.com/apps/blog/show/28701901-adware-whenusave =>Adware.WhenUSave
~ http://nicolascoolman.webs.com/apps/blog/show/28151468-pup-mediaget =>PUP.MediaGet
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/30898245-toolbar-skype =>Toolbar.Skype
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ MSI: 9 link(s) detected in 00mn 54s



End of the scan (2556 lines in 15mn 54s)(12)
