~ Rapport de ZHPDiag v2013.9.16.36 - Nicolas Coolman  (19/09/2013)
~ Lancé par Anne (21/09/2013 10:14:01)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version : 
~ Liste blanche : Désactivée par l'utilisateur
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
GCIE: Google Chrome

---\\ Informations sur les produits Windows
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client FR-FR Language Pack v2.1.1116.0

---\\ Logiciels d'optimisation du système
CCleaner v3.28 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2013 MB (30% free)
System Restore: Activé (Enable)
System drive C: has 7 GB (17%) free of 39 GB

---\\ Mode de connexion au système
~ Computer Name: ANNE-9A0F986606
~ User Name: Anne
~ All Users Names: SUPPORT_388945a0, HelpAssistant, ASPNET, Anne, Administrateur, 
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Anne\Application Data\
~ %Desktop% : C:\Documents and Settings\Anne\Bureau\
~ %Favorites% : C:\Documents and Settings\Anne\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Anne\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Anne\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 7 Go of 39 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 353 Go of 427 Go)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime :  OK
~ Security Center: 30 Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.EA7AB3839BE1FFE067A8131F3547160D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/08/2013 - 07:05:46.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 19:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 4/45
~ Mes musiques (My Musics) : 34/103
~ Mes Videos (My Videos) : 0/22
~ Mes Favoris (My Favorites) : 1/209
~ Mes Documents (My Documents) : 3/312
~ Mon Bureau (My Desktop) : 2/36
~ Menu demarrer (Programs) : 0/46
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processus lancés
[MD5.37F77AEBFF23A99D1BFB4F34CD2D07F2] - (.Microsoft Corporation - Antimalware Service Executable.) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe   [22208] [PID.1052]
[MD5.3DEBBECF665DCDDE3A95D9B902010817] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe   [55144] [PID.116]
[MD5.F770104B0640417B2499E93BDD38D7E6] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe   [178712] [PID.616]
[MD5.66847E8BFDF5370F9B3300EF46A6AE88] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe   [150040] [PID.676]
[MD5.2D89ABAC9D439ABAD1E427A467F0687D] - (...) -- C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe   [2845152] [PID.896] =>PUP.BitGuard
[MD5.0D5720BAA4FD121A0183D408FCE307FB] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe   [256536] [PID.1000]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe   [253816] [PID.1032]
[MD5.225518F190EDBC37CA32197A3E94B498] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\program files\real\realplayer\update\realsched.exe   [295512] [PID.1044]
[MD5.8E9DCDEF0EE60CB92A8F6F2E84A1A2F4] - (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe   [353736] [PID.1236]
[MD5.5739F2821D49975CEDE6BF0153D0CF01] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe   [181664] [PID.1788]
[MD5.2333057542C91AE8228BDCCC2E5F2632] - (.Logitech Inc. -  LVPrcSrv Module..) -- C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcSrv.exe   [162648] [PID.1924]
[MD5.E13EA4860E8F2AA845B53BFD2B6FEC5B] - (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe   [1695232] [PID.2156]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe   [418376] [PID.2296]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe   [701512] [PID.2716]
[MD5.B2D01290C0E0465ACA54C2088E947823] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe   [39056] [PID.2984]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe   [532040] [PID.3216]
[MD5.EFEF22B9577E5051057FDE1AE381B50C] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe   [92592] [PID.3340]
[MD5.4B40224E3F247AE9D11001C1183BC840] - (.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe   [255432] [PID.3640]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe   [638816] [PID.1880]
[MD5.013CBC83D1C8131EB623567EF4D3FFCC] - (.RealNetworks, Inc. - RealDownloader.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe   [233048] [PID.1196]
[MD5.35D6CAAA9E4D82974A74DBDB53801F98] - (.VER_COMPANY_NAME - VER_DESCRIPTION.) -- C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe   [30096] [PID.3824] =>Adware.Allin1Convert
[MD5.A39FD864F89F77A3DA2679F135AB7A67] - (...) -- C:\Program Files\Allin1Convert_8h\bar\1.bin\CrExtP8h.exe   [1370184] [PID.1224] =>Adware.Allin1Convert
[MD5.39D3D1F2DB8D1DC22732482E86ED915D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [7974912] [PID.5916]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\windows\System32\alg.exe   [44544] [PID.3928]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\Anne\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\0\prefs.js
C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\extensions\prefs.js (.not file.)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
P2 - FPN: [HKLM] [@Allin1Convert_8h.com/Plugin] - (.MindSpark - MindSpark Toolbar Platform Plugin Stub for 32-bit Windows.) -- C:\Program Files\Allin1Convert_8h\bar\1.bin\NP8hStub.dll =>Adware.Allin1Convert
P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.21.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.21.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20513.0.) -- C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8117.0416] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@real.com/nppl3260;version=16.0.2.32] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- c:\program files\real\realplayer\Netscape6\nppl3260.dll
P2 - FPN: [HKLM] [@real.com/nprndlchromebrowserrecordext;version=1.3.2] - (.RealNetworks, Inc. - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In.) -- C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
P2 - FPN: [HKLM] [@real.com/nprndlhtml5videoshim;version=1.3.2] - (.RealNetworks, Inc. - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In.) -- C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
P2 - FPN: [HKLM] [@real.com/nprndlpepperflashvideoshim;version=1.3.2] - (.RealNetworks, Inc. - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In.) -- C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
P2 - FPN: [HKLM] [@real.com/nprpplugin;version=16.0.2.32] - (.RealPlayer - RealPlayer Download Plugin.) -- c:\program files\real\realplayer\Netscape6\nprpplugin.dll
P2 - FPN: [HKLM] [@realnetworks.com/npdlplugin;version=1] - (.RealDownloader - RealDownloader Plugin.) -- C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.04.) -- C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
~ Firefox Browser: 16 Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.fr
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://kogoa.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://www2.delta-search.com =>Toolbar.DeltaSearch
R3 - URLSearchHook: (no name) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} . (.Skype Limited - Facebook Video Calling Plugin.) (No version) -- (.not file.)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Skype Limited - Facebook Video Calling Plugin.) (No version) -- (.not file.)
~ IE Browser: 12 Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys:  Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 4



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealDownloader - RealPlayer Download and Record Plugin.) -- C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Assistant BHO - {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} . (.MindSpark - MindSpark Search Assistant.) -- C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll =>Adware.Allin1Convert
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - Pas de description.) -- C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll =>Toolbar.DeltaSearch
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Toolbar BHO - {fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} . (.MindSpark - MindSpark Toolbar Platform.) -- C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbar.dll =>Adware.Allin1Convert
~ BHO: 16 Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Delta Toolbar - [HKLM]{82E1477C-B154-48D3-9891-33D83C26BCD3} . (.Delta-search.com - Pas de description.) -- C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll =>Toolbar.DeltaSearch
O3 - Toolbar: Allin1Convert - [HKLM]{cd1a63ba-a08c-431b-9a34-f240aadc728d} . (.MindSpark - MindSpark Toolbar Platform.) -- C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbar.dll =>Adware.Allin1Convert
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{CD1A63BA-A08C-431B-9A34-F240AADC728D} Clé orpheline
~ Toolbar:  Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: Adobe Reader XI.lnk . (...)  -- C:\windows\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico 
O4 - GS\Program [AllUsers]: Apple Software Update.lnk . (...)  -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
O4 - GS\Program [AllUsers]: Audacity.lnk . (...)  -- C:\Program Files\Audacity\audacity.exe
O4 - GS\Program [AllUsers]: Enregistrement OCR I.R.I.S..lnk . (.I.R.I.S. SA - Registration Wizard for Readiris 5.0.)  -- C:\Program Files\HP\Digital Imaging\DocProc\regipe.exe 
O4 - GS\Program [AllUsers]: HD ADeck.lnk . (.VIA Technologies, Inc. - HDeck MFC Application.)  -- C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 
O4 - GS\Program [AllUsers]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.)  -- C:\Program Files\IncrediMail\Bin\IncMail.exe 
O4 - GS\Program [AllUsers]: Microsoft PowerPoint Viewer .lnk . (...)  -- C:\WINDOWS\Installer\{95140000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
O4 - GS\Program [AllUsers]: Microsoft Security Essentials.lnk . (.Microsoft Corporation - Microsoft Security Client User Interface.)  -- C:\Program Files\Microsoft Security Client\msseces.exe 
O4 - GS\Program [AllUsers]: NXPowerLite.lnk . (.Neuxpower Solutions Ltd - NXPowerLite - PowerPoint(tm) optimizer.)  -- C:\Program Files\NXPowerLite 2.4.1\NXPowerLite.exe 
O4 - GS\Program [AllUsers]: Switch Sound File Converter.lnk . (.NCH Software - Switch Sound File Converter.)  -- C:\Program Files\NCH Swift Sound\Switch\switch.exe 
O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.)  -- C:\Program Files\Messenger\msmsgs.exe 
O4 - GS\Program [AllUsers]: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.)  -- C:\Program Files\Movie Maker\moviemk.exe 
O4 - GS\Program [AllUsers]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag Setup.)  -- C:\Program Files\ZHPDiag\ZHPhep.exe 
O4 - GS\Program [Anne]: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.)  -- C:\WINDOWS\system32\rcimlby.exe 
O4 - GS\Program [Anne]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe 
O4 - GS\Program [Anne]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe 
O4 - GS\Program [Anne]: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.)  -- C:\Program Files\Outlook Express\msimn.exe 
O4 - GS\Program [Anne]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.)  -- C:\Program Files\Windows Media Player\wmplayer.exe 
~ Global Startup: 18 Scanned in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe 
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe 
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe 
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe 
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe 
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe 
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\program files\real\realplayer\update\realsched.exe 
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe 
O4 - HKLM\..\Run: [Allin1Convert Search Scope Monitor] . (.MindSpark - MindSpark Toolbar Platform SearchScope Moni.) -- C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrchMn.exe =>Adware.Allin1Convert
O4 - HKLM\..\Run: [Allin1Convert_8h Browser Plugin Loader] . (.VER_COMPANY_NAME - VER_DESCRIPTION.) -- C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe =>Adware.Allin1Convert
O4 - HKCU\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe 
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\windows\system32\ctfmon.exe 
O4 - HKCU\..\Run: [Liokpuse] . (...) -- C:\Documents and Settings\Anne\Application Data\Syab\ynpaq.exe 
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe 
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe 
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe 
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.exe 
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe 
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe 
O4 - HKUS\S-1-5-21-1960408961-1214440339-1417001333-1002\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe 
O4 - HKUS\S-1-5-21-1960408961-1214440339-1417001333-1002\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\windows\system32\ctfmon.exe 
O4 - HKUS\S-1-5-21-1960408961-1214440339-1417001333-1002\..\Run: [Liokpuse] . (...) -- C:\Documents and Settings\Anne\Application Data\Syab\ynpaq.exe 
O4 - HKUS\S-1-5-21-1960408961-1214440339-1417001333-1002\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe 
O4 - HKUS\S-1-5-21-1960408961-1214440339-1417001333-1002\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe 
O4 - HKUS\S-1-5-21-1960408961-1214440339-1417001333-1002\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe 
~ Application:  Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} -- C:\Program Files\PokerStars.FR\main.ico (.not file.)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - Broken Internet access because of LSP provider (.not file.) -- mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\windows\system32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Service client pour le fournisseur NetWare et DLL d'authentification.) -- C:\windows\system32\nwprovau.dll
~ Winsock: 4 Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} ((no name)) - http://assets.photobox.com/assets/v/ra3RgI_VSoCPalw7aL2ig_0fSS8.cab
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} ((no name)) - http://kitchenplanner.ikea.com/FR/Core/Player/2020PlayerAX_IKEA_Win32.cab
O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} ((no name)) - http://ua.foto.com/ImageUploader6.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369923711968
O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} ((no name)) - http://www.smartphoto.fr/ExtraFilmUploader6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E55B74AB-0B51-4BAE-A5B5-2531AB5EA4D9} ((no name)) - http://assets.photobox.com/assets/v/9wMLrL7vFWyhXJey6PFIGDYHwIs.cab
~ Objets ActiveX:  Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{61A13B51-5157-4C10-96A8-A5B1F84AB17C}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{61A13B51-5157-4C10-96A8-A5B1F84AB17C}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{61A13B51-5157-4C10-96A8-A5B1F84AB17C}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Domain:  Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll =>PUP.BitGuard
~ AppInit DLL:  Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\windows\system32\WPDShServiceObj.dll
~ SSODL: 5 Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Allin1ConvertService (Allin1Convert_8hService) . (.COMPANYVERS_NAME - PRODUCTVERS_TITLE.) - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe =>Adware.Allin1Convert
O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BitGuard (BitGuard) . (...) - C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe =>PUP.BitGuard
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Oracle Corporation - Java Quick Starter Service.) - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) . (.Logitech Inc. -  LVPrcSrv Module..) - C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service:  (MBAMScheduler) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service:  (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: RealNetworks Downloader Resolver Service (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
~ Services: 11 Scanned in 00mn 13s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: (no name) - file:file:///C:/DOCUME~1/Anne/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.exe
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Scanned in 00mn 00s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\Adobe Flash Player Updater.job   [1002]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job   [284]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\At1.job   [406]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\BitGuard.job   [280] =>PUP.BitGuard
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\EPUpdater.job   [262]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1960408961-1214440339-1417001333-1002Core.job   [972]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1960408961-1214440339-1417001333-1002UA.job   [994]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job   [1048]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job   [1052]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job   [400]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1960408961-1214440339-1417001333-1002.job   [324]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1960408961-1214440339-1417001333-1002.job   [298]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1960408961-1214440339-1417001333-1002.job   [306]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1960408961-1214440339-1417001333-1002.job   [276]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1960408961-1214440339-1417001333-1002.job   [284]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-1214440339-1417001333-1002.job   [276]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-1214440339-1417001333-1002.job   [284]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\switchShakeIcon.job   [276]
[MD5.24A0876D07EF356DCBC1D7A7929354AB] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe   [257416]
[MD5.34EBD4FF6A24D86BB4716D6AFCC1A89B] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe   [561984]
[MD5.00000000000000000000000000000000] [APT] [At1] (...) -- C:\DOCUME~1\Anne\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.exe (.not file.)   [0] =>PUP.DealPly
[MD5.F64487396AB10165DC80BC15CF854D31] [APT] [EPUpdater] (...) -- C:\Documents and Settings\Anne\Application Data\BabSolution\Shared\BabMaint.exe   [10320] =>Hijacker.BabSolution
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-1960408961-1214440339-1417001333-1002Core] (.Facebook Inc..) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe   [138096]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-1960408961-1214440339-1417001333-1002UA] (.Facebook Inc..) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe   [138096]
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe   [136176]
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe   [136176]
[MD5.013CBC83D1C8131EB623567EF4D3FFCC] [APT] [RealDownloaderDownloaderScheduledTaskS-1-5-21-1960408961-1214440339-1417001333-1002] (.RealNetworks, Inc..) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe   [233048]
[MD5.866EE842A198288A0F41F04E97930040] [APT] [RealDownloaderRealUpgradeLogonTaskS-1-5-21-1960408961-1214440339-1417001333-1002] (.RealNetworks, Inc..) -- C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe   [187984]
[MD5.866EE842A198288A0F41F04E97930040] [APT] [RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1960408961-1214440339-1417001333-1002] (.RealNetworks, Inc..) -- C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe   [187984]
[MD5.490D5ADBC56297DB10BC57496C14C357] [APT] [RealPlayerRealUpgradeLogonTaskS-1-5-21-1960408961-1214440339-1417001333-1002] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\realupgrade.exe   [187984]
[MD5.490D5ADBC56297DB10BC57496C14C357] [APT] [RealPlayerRealUpgradeScheduledTaskS-1-5-21-1960408961-1214440339-1417001333-1002] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\realupgrade.exe   [187984]
[MD5.490D5ADBC56297DB10BC57496C14C357] [APT] [RealUpgradeLogonTaskS-1-5-21-1960408961-1214440339-1417001333-1002] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\realupgrade.exe   [187984]
[MD5.490D5ADBC56297DB10BC57496C14C357] [APT] [RealUpgradeScheduledTaskS-1-5-21-1960408961-1214440339-1417001333-1002] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\realupgrade.exe   [187984]
[MD5.5251FBB6F3B019DB1B34D539798285DF] [APT] [switchShakeIcon] (.NCH Software.) -- C:\Program Files\NCH Swift Sound\Switch\switch.exe   [1200644]
~ Scheduled Task: 35 Scanned in 00mn 00s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Mise à jour de la version d’Internet Explorer - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} . (.Microsoft Corporation - IE Per User Active Setup Uninstall Utility.) -- C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Utilitaire d'installation du Lecteur Windows Media de Microsoft.) -- C:\windows\inf\unregmp2.exe
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d’initialisation d’Internet Explorer par utilisateur.) -- C:\WINDOWS\system32\ie4uinit.exe.mui
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - IEAK branding.) -- C:\WINDOWS\system32\iedkcs32.dll
O40 - ASIC: Outlook Express - >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} . (.Microsoft Corporation - Windows NT User Data Migration Tool.) -- C:\WINDOWS\system32\shmgrate.exe
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\windows\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\windows\system32\wmpdxm.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Bibliothèque d'installation Outlook Express.) -- C:\Program Files\Outlook Express\setup50.exe
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (...) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (...) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\WINDOWS\system32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (...) -- C:\windows\INF\wmp11.inf
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} . (.Microsoft Corporation - Bibliothèque d'installation Outlook Express.) -- C:\Program Files\Outlook Express\setup50.exe
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d’initialisation d’Internet Explorer par utilisateur.) -- C:\WINDOWS\system32\ie4uinit.exe.mui
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\WINDOWS\system32\mscories.dll
O40 - ASIC: PixiePack Codec Pack 1.0.100.0 - {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} . (...) -- C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) -- C:\windows\system32\Macromed\Flash\Flash32_11_8_800_175.ocx
O40 - ASIC: Installed Component - S-1-5-21-1960408961-1214440339-1417001333-1002 - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -- Not Hexadécimal CLSID
O40 - ASIC: Installed Component - S-1-5-21-1960408961-1214440339-1417001333-1002 - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -- Not Hexadécimal CLSID
~ Active Setup: 22 Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver:  (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver:  (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\system32\DRIVERS\cdrom.sys
O41 - Driver:  (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver:  (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\system32\DRIVERS\imapi.sys
O41 - Driver:  (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver:  (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver:  (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O41 - Driver:  (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O41 - Driver:  (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver:  (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver:  (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver:  (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver:  (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
O41 - Driver:  (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver:  (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\WINDOWS\system32\DRIVERS\serial.sys
O41 - Driver:  (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver:  (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys
~ Drivers: 57 Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader XI (11.0.04) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: Allin1Convert Firefox Toolbar - (.Mindspark Interactive Network.) [HKLM] -- Allin1Convert_8hbar Uninstall Firefox =>Adware.Allin1Convert
O42 - Logiciel: Allin1Convert Internet Explorer Toolbar - (.Mindspark Interactive Network.) [HKLM] -- Allin1Convert_8hbar Uninstall Internet Explorer =>Adware.Allin1Convert
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {F5266D28-E0B2-4130-BFC5-EE155AD514DC}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {8153ED9A-C94A-426E-9880-5E6775C08B62}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
O42 - Logiciel: Archiveur WinRAR - (...) [HKLM] -- WinRAR archiver
O42 - Logiciel: Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver - (.Atheros Communications Inc..) [HKLM] -- {3108C217-BE83-42E4-AE9E-A56A2A92E549}
O42 - Logiciel: Audacity 1.2.6 - (...) [HKLM] -- Audacity_is1
O42 - Logiciel: BitGuard - (.MediaTechSoft Inc.) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>PUP.BitGuard
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner =>Piriform Ltd
O42 - Logiciel: CameraHelperMsi - (.Logitech.) [HKLM] -- {15634701-BACE-4449-8B25-1567DA8C9FD3}
O42 - Logiciel: Compatibility Pack for the 2007 Office system - (.Microsoft Corporation.) [HKLM] -- {90120000-0020-0409-0000-0000000FF1CE}
O42 - Logiciel: Delta Chrome Toolbar - (.Visual Tools.) [HKLM] -- Delta Chrome Toolbar =>Toolbar.DeltaSearch
O42 - Logiciel: Delta toolbar   - (.Delta.) [HKLM] -- delta =>Toolbar.DeltaSearch
O42 - Logiciel: Facebook Video Calling 1.2.0.287 - (.Skype Limited.) [HKLM] -- {B92C5909-1D37-4C51-8397-A28BB28E5DC3}
O42 - Logiciel: File Opener Pro - (.FileOpenerPro.) [HKLM] -- fileopenerpro
O42 - Logiciel: Free Mp3 Wma Converter V 1.91 - (.Koyote Soft.) [HKLM] -- Free Mp3 Wma Converter_is1
O42 - Logiciel: Free YouTube to MP3 Converter version 3.12.2.419 - (.DVDVideoSoft Ltd..) [HKLM] -- Free YouTube to MP3 Converter_is1
O42 - Logiciel: HP Image Zone 3.5 - (.HP.) [HKLM] -- HP Photo & Imaging
O42 - Logiciel: HP PSC & OfficeJet 3.5 - (.HP.) [HKLM] -- {0FABD3D7-3036-4e78-B29D-58957ADB0A12}
O42 - Logiciel: HP Software Update - (.Hewlett-Packard.) [HKLM] -- {34957B51-9676-41CE-9E52-44AE91B73F1C}
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] -- KB929399
O42 - Logiciel: IClaroInstaller - (.IClaro.) [HKLM] -- {74AF34F6-ACF4-438C-9C7E-FA0307B60E45}
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM] -- {5E97F3BD-CDDC-4188-9D98-532E14FABB5D}
O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM] -- IncrediMail
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI
O42 - Logiciel: IrfanView (remove only) - (.Irfan Skiljan.) [HKLM] -- IrfanView
O42 - Logiciel: Java 7 Update 21 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217017FF}
O42 - Logiciel: Java(TM) 6 Update 29 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216021FF}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {8E5233E1-7495-44FB-8DEB-4BE906D59619}
O42 - Logiciel: K-Lite Codec Pack 9.9.5 (Full) - (...) [HKLM] -- KLiteCodecPack_is1
O42 - Logiciel: LWS Facebook - (.Logitech.) [HKLM] -- {FF167195-9EE4-46C0-8CD7-FBA3457E88AB}
O42 - Logiciel: LWS Gallery - (.Logitech.) [HKLM] -- {6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}
O42 - Logiciel: LWS Help_main - (.Logitech.) [HKLM] -- {1651216E-E7AD-4250-92A1-FB8ED61391C9}
O42 - Logiciel: LWS Launcher - (.Logitech.) [HKLM] -- {83C8FA3C-F4EA-46C4-8392-D3CE353738D6}
O42 - Logiciel: LWS Motion Detection - (.Logitech.) [HKLM] -- {71E66D3F-A009-44AB-8784-75E2819BA4BA}
O42 - Logiciel: LWS Pictures And Video - (.Logitech.) [HKLM] -- {08610298-29AE-445B-B37D-EFBE05802967}
O42 - Logiciel: LWS Twitter - (.Logitech.) [HKLM] -- {174A3B31-4C43-43DD-866F-73C9DB887B48}
O42 - Logiciel: LWS Video Mask Maker - (.Logitech.) [HKLM] -- {EED027B7-0DB6-404B-8F45-6DFEE34A0441}
O42 - Logiciel: LWS VideoEffects - (.Logitech.) [HKLM] -- {138A4072-9E64-46BD-B5F9-DB2BB395391F}
O42 - Logiciel: LWS WLM Plugin - (.Logitech.) [HKLM] -- {9DAEA76B-E50F-4272-A595-0124E826553D}
O42 - Logiciel: LWS Webcam Software - (.Logitech.) [HKLM] -- {8937D274-C281-42E4-8CDB-A0B2DF979189}
O42 - Logiciel: LWS YouTube Plugin - (.Logitech.) [HKLM] -- {21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}
O42 - Logiciel: Lecteur Windows Media 11 - (...) [HKLM] -- Windows Media Player
O42 - Logiciel: Liveupdate4 - (.MSI, Inc..) [HKLM] -- Liveupdate4_is1
O42 - Logiciel: Logitech Vid HD - (.Logitech Inc...) [HKLM] -- Logitech Vid
O42 - Logiciel: Logitech Webcam Software - (.Logitech Inc..) [HKLM] -- {D40EB009-0499-459c-A8AF-C9C110766215}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Malwarebytes Anti-Malware version 1.75.0.1300 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Memories Disc Creator 2.0 - (.Memories Disc Creator 2.0.) [HKLM] -- {2E132061-C78A-48D4-A899-1D13B9D189FA}
O42 - Logiciel: Microsoft Antimalware Service FR-FR Language Pack - (.Microsoft Corporation.) [HKLM] -- {32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1
O42 - Logiciel: Microsoft PowerPoint Viewer - (.Microsoft Corporation.) [HKLM] -- {95140000-00AF-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM] -- {3DADB23F-94E6-4E4D-AFE8-15DE4395E8F3}
O42 - Logiciel: Microsoft Security Client FR-FR Language Pack - (.Microsoft Corporation.) [HKLM] -- {50779A29-834E-4E36-BBEB-B7CABC67A825}
O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM] -- Microsoft Security Client
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- Wudf01000
O42 - Logiciel: Microsoft WSE 3.0 Runtime - (.Microsoft Corp..) [HKLM] -- {E3E71D07-CD27-46CB-8448-16D4FB29AA13}
O42 - Logiciel: NXPowerLite 2.4.1 (Tous les utilisateurs) - (.Neuxpower Solutions Ltd.) [HKLM] -- NXPowerLite 2.4.1
O42 - Logiciel: Odboso PhotoRetrieval 1.7.3 - (.Odboso, Inc..) [HKLM] -- Odboso PhotoRetrieval_is1
O42 - Logiciel: PDFCreator - (.pdfforge.) [HKLM] -- {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
O42 - Logiciel: PhotoFiltre - (...) [HKCU] -- PhotoFiltre
O42 - Logiciel: PixiePack Codec Pack - (.None.) [HKLM] -- {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}
O42 - Logiciel: PokerStars.fr - (.PokerStars.fr.) [HKLM] -- PokerStars.fr
O42 - Logiciel: PowerPoint to Video 3.6 - (.ABOILSOFT, Inc..) [HKLM] -- PowerPoint to Video_is1
O42 - Logiciel: RealDownloader - (.RealNetworks, Inc..) [HKLM] -- {3DC873BB-FFE3-46BF-9701-26B9AE371F9F}
O42 - Logiciel: RealPlayer - (.RealNetworks.) [HKLM] -- RealPlayer 16.0
O42 - Logiciel: RealUpgrade 1.1 - (.RealNetworks, Inc..) [HKLM] -- {28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
O42 - Logiciel: Recovery Toolbox for RAR 1.1 - (.Recovery Toolbox, Inc..) [HKLM] -- Recovery Toolbox for RAR_is1
O42 - Logiciel: Recuva - (.Piriform.) [HKLM] -- Recuva
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: Skype™ 6.3 - (.Skype Technologies S.A..) [HKLM] -- {4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
O42 - Logiciel: Switch Sound File Converter - (.NCH Software.) [HKLM] -- Switch
O42 - Logiciel: TomTom HOME 2.8.2.2264 - (.TomTom.) [HKLM] -- TomTom HOME
O42 - Logiciel: TomTom HOME Visual Studio Merge Modules - (.TomTom International B.V..) [HKLM] -- {8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
O42 - Logiciel: Unlocker 1.9.1 - (.Cedrick Collomb.) [HKLM] -- Unlocker
O42 - Logiciel: VIA Gestionnaire de périphériques de plate-forme - (.VIA Technologies, Inc..) [HKLM] -- InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}
O42 - Logiciel: VLC media player 0.9.9 - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: VirginMega.Fr Premium - (.VirginMega.Fr.) [HKLM] -- {D416E000-D999-470A-BCAC-98E717CC1AFC}
O42 - Logiciel: Vittalia Installer - (.programtop.net.) [HKLM] -- Vittalia
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] -- WgaNotify
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8
O42 - Logiciel: Windows Media Format 11 runtime - (...) [HKLM] -- Windows Media Format Runtime
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11
O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] -- wmp11
O42 - Logiciel: erLT - (.Logitech, Inc..) [HKLM] -- {3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
O42 - Logiciel: overland - (.HP.) [HKLM] -- {766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
~ Logic: 175 Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\59558a8be168b917]
[HKCU\Software\ABBYY]
[HKCU\Software\AC3Filter]
[HKCU\Software\ACD Systems]
[HKCU\Software\ASProtect]
[HKCU\Software\Acoolsoft]
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\Alawar]
[HKCU\Software\Allin1Convert_8h] =>Adware.Allin1Convert
[HKCU\Software\AppDataLow\Software\RealNetworks]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Audacity]
[HKCU\Software\Aurigma]
[HKCU\Software\Avast Software]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\CDDB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Convar]
[HKCU\Software\ConvertDirect]
[HKCU\Software\Cygwin]
[HKCU\Software\DVDVideoSoft]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\Delta]
[HKCU\Software\Digital River]
[HKCU\Software\DigitalPictureRecovery2]
[HKCU\Software\ElcomSoft]
[HKCU\Software\Electronic Arts]
[HKCU\Software\Facebook]
[HKCU\Software\FreeDownloadManager.ORG]
[HKCU\Software\GNU]
[HKCU\Software\GOG]
[HKCU\Software\Gabest]
[HKCU\Software\GeoVid]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\ITOPDFD]
[HKCU\Software\Icaros]
[HKCU\Software\IncrediMail]
[HKCU\Software\Intel]
[HKCU\Software\Intelore]
[HKCU\Software\JavaSoft]
[HKCU\Software\LANGAGENT]
[HKCU\Software\LAV]
[HKCU\Software\LBSU]
[HKCU\Software\Lamantine]
[HKCU\Software\Leadertech]
[HKCU\Software\Licenses]
[HKCU\Software\LogiShrd]
[HKCU\Software\Logitech]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MediaInfo]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\MunSoft]
[HKCU\Software\NCH Software]
[HKCU\Software\NCH Swift Sound]
[HKCU\Software\Netscape]
[HKCU\Software\Neuxpower]
[HKCU\Software\NoelD]
[HKCU\Software\ODBC]
[HKCU\Software\Oak Technology]
[HKCU\Software\Odboso]
[HKCU\Software\PDFCreator]
[HKCU\Software\PasswordTools]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RapidSolution]
[HKCU\Software\RealNetworks]
[HKCU\Software\Recovery Toolbox for RAR]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\SecuROM]
[HKCU\Software\SkypeRS]
[HKCU\Software\Skype]
[HKCU\Software\SolidDocuments]
[HKCU\Software\TeleCharger]
[HKCU\Software\TeleCharger_v2]
[HKCU\Software\TomTom]
[HKCU\Software\Trolltech]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VirginMega]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Winamp]
[HKCU\Software\Xenocode]
[HKCU\Software\ej-technologies]
[HKCU\Software\geissplugin]
[HKCU\Software\madshi]
[HKCU\Software\mozilla]
[HKCU\Software\pptvideo]
[HKCU\Software\pwnow]
[HKCU\Software\searchcoretoolbar]
[HKCU\Software\temp]
[HKCU\Software\tvp]
[HKLM\Software\59558a8be168b917]
[HKLM\Software\ABBYY]
[HKLM\Software\ACD Systems]
[HKLM\Software\ALWIL Software]
[HKLM\Software\AVAST Software]
[HKLM\Software\Acoolsoft]
[HKLM\Software\Adobe]
[HKLM\Software\AdwCleaner]
[HKLM\Software\Alawar]
[HKLM\Software\Allin1Convert_8h] =>Adware.Allin1Convert
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Atheros Communications Inc.]
[HKLM\Software\BrowserChoice]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Cygwin]
[HKLM\Software\DRWDemo]
[HKLM\Software\DVDVideoSoft]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Debug]
[HKLM\Software\Delta]
[HKLM\Software\EASEUS]
[HKLM\Software\EdenFlirt]
[HKLM\Software\ElcomSoft]
[HKLM\Software\Electronic Arts]
[HKLM\Software\Emsisoft]
[HKLM\Software\GEAR Software]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\HP]
[HKLM\Software\HaaliMkx]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\ICE]
[HKLM\Software\IM Providers]
[HKLM\Software\Icaros]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KLCodecPack]
[HKLM\Software\LAV]
[HKLM\Software\LEAD Technologies, Inc.]
[HKLM\Software\Lamantine]
[HKLM\Software\Licenses]
[HKLM\Software\Loader]
[HKLM\Software\Logitech]
[HKLM\Software\MSI]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware (Trial)]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\McAfee.com]
[HKLM\Software\MimarSinan]
[HKLM\Software\Mircrosoft]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\MunSoft]
[HKLM\Software\NCH Software]
[HKLM\Software\NCH Swift Sound]
[HKLM\Software\Nero]
[HKLM\Software\Neuxpower]
[HKLM\Software\ODBC]
[HKLM\Software\Oak Technology]
[HKLM\Software\Ontrack]
[HKLM\Software\PDFCreator]
[HKLM\Software\PasswordTools]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\RapidSolution]
[HKLM\Software\RealNetworks]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RichFX]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\Skype]
[HKLM\Software\SolidDocuments]
[HKLM\Software\Speedchecker Limited]
[HKLM\Software\Stellar information Systems ltd.]
[HKLM\Software\Symantec]
[HKLM\Software\TomTom]
[HKLM\Software\Trolltech]
[HKLM\Software\Uniblue]
[HKLM\Software\VIA Technologies, Inc]
[HKLM\Software\VideoLAN]
[HKLM\Software\VirginMega]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Windows]
[HKLM\Software\WonderShare]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\ahead]
[HKLM\Software\ej-technologies]
[HKLM\Software\iTinySoft]
[HKLM\Software\logishrd]
[HKLM\Software\mcafeeupdater]
[HKLM\Software\mozilla.org]
~ Key Software: 283 Scanned in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/11/2012 - 19:54:42 - [0,024] ----D C:\Program Files\01NET.com
O43 - CFD: 02/05/2013 - 15:12:41 - [1,231] ----D C:\Program Files\1MediaPlayer
O43 - CFD: 17/12/2010 - 17:11:51 - [0] ----D C:\Program Files\Acoolsoft
O43 - CFD: 18/06/2013 - 16:13:41 - [120,726] ----D C:\Program Files\Adobe
O43 - CFD: 13/11/2012 - 19:16:14 - [3,520] ----D C:\Program Files\Aimersoft
O43 - CFD: 21/09/2013 - 09:26:14 - [10,364] ----D C:\Program Files\Allin1Convert_8h =>Adware.Allin1Convert
O43 - CFD: 21/09/2013 - 09:25:38 - [4,713] ---AD C:\Program Files\Allin1Convert_8hEI =>Adware.Allin1Convert
O43 - CFD: 07/02/2011 - 11:50:40 - [54,833] ----D C:\Program Files\Alwil Software
O43 - CFD: 17/11/2011 - 12:04:15 - [2,316] ----D C:\Program Files\Apple Software Update
O43 - CFD: 20/10/2010 - 10:14:52 - [8,289] ----D C:\Program Files\Audacity
O43 - CFD: 18/09/2012 - 16:29:40 - [0,000] ----D C:\Program Files\AVAST Software
O43 - CFD: 06/04/2013 - 17:16:15 - [0,615] ----D C:\Program Files\AVG SafeGuard toolbar
O43 - CFD: 01/03/2013 - 17:06:14 - [5,085] ----D C:\Program Files\CCleaner =>Piriform Ltd
O43 - CFD: 13/11/2012 - 19:16:35 - [1,766] ----D C:\Program Files\Common Files
O43 - CFD: 28/08/2011 - 21:51:52 - [6,869] ----D C:\Program Files\Convar
O43 - CFD: 21/09/2013 - 00:02:53 - [2,393] ----D C:\Program Files\Delta
O43 - CFD: 29/08/2011 - 01:19:04 - [0] ----D C:\Program Files\Digital Photo Recovery
O43 - CFD: 20/04/2013 - 15:30:47 - [6,749] ----D C:\Program Files\DVDVideoSoft
O43 - CFD: 17/12/2010 - 21:12:49 - [490,559] ----D C:\Program Files\E.M. PowerPoint Video Converter
O43 - CFD: 30/03/2012 - 22:35:52 - [1,291] ----D C:\Program Files\EASEUS
O43 - CFD: 02/05/2013 - 14:16:24 - [0,002] ----D C:\Program Files\EID
O43 - CFD: 20/02/2012 - 12:16:41 - [0,009] ----D C:\Program Files\Elcomsoft
O43 - CFD: 28/11/2011 - 18:32:25 - [0] ----D C:\Program Files\Electronic Arts
O43 - CFD: 09/09/2013 - 22:36:35 - [640,719] ----D C:\Program Files\Fichiers communs
O43 - CFD: 21/09/2013 - 00:03:50 - [0,918] ----D C:\Program Files\FileOpenerPro
O43 - CFD: 10/04/2013 - 10:02:53 - [0] ----D C:\Program Files\FirstRowSportApp.com
O43 - CFD: 06/04/2013 - 17:22:49 - [4,070] ----D C:\Program Files\Free Audio Pack
O43 - CFD: 29/11/2012 - 21:30:32 - [0,257] ----D C:\Program Files\Free mp3 Wma Converter
O43 - CFD: 12/09/2010 - 16:26:47 - [15,226] ----D C:\Program Files\GeoVid
O43 - CFD: 06/04/2013 - 19:06:04 - [287,117] ----D C:\Program Files\Google
O43 - CFD: 22/08/2010 - 17:51:38 - [320,768] ----D C:\Program Files\HP
O43 - CFD: 23/08/2010 - 10:43:18 - [22,611] ----D C:\Program Files\IncrediMail
O43 - CFD: 04/06/2012 - 09:37:45 - [4,403] --H-D C:\Program Files\InstallShield Installation Information
O43 - CFD: 21/08/2010 - 21:15:17 - [0,092] ----D C:\Program Files\Intel
O43 - CFD: 13/09/2013 - 00:31:45 - [6,426] ----D C:\Program Files\Internet Explorer
O43 - CFD: 06/04/2013 - 17:23:40 - [1,233] ----D C:\Program Files\IrfanView
O43 - CFD: 30/05/2013 - 14:12:20 - [199,480] ----D C:\Program Files\Java
O43 - CFD: 01/08/2013 - 16:02:16 - [58,471] ----D C:\Program Files\K-Lite Codec Pack
O43 - CFD: 07/01/2011 - 10:32:12 - [125,358] ----D C:\Program Files\Logitech
O43 - CFD: 21/09/2013 - 00:50:46 - [14,025] ----D C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 07/08/2011 - 17:51:15 - [0,000] ----D C:\Program Files\MediaMonkey
O43 - CFD: 20/02/2011 - 18:33:50 - [2,078] ----D C:\Program Files\Messenger
O43 - CFD: 21/08/2010 - 15:40:36 - [0,216] ----D C:\Program Files\Microsoft
O43 - CFD: 08/01/2011 - 01:03:47 - [0,764] ----D C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD: 21/08/2010 - 21:04:38 - [0] ----D C:\Program Files\microsoft frontpage
O43 - CFD: 29/12/2010 - 19:52:29 - [377,074] ----D C:\Program Files\Microsoft Office
O43 - CFD: 22/07/2013 - 09:49:11 - [22,359] ----D C:\Program Files\Microsoft Security Client
O43 - CFD: 12/07/2013 - 08:35:57 - [40,851] ----D C:\Program Files\Microsoft Silverlight
O43 - CFD: 21/08/2010 - 15:41:07 - [1,745] ----D C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 15/06/2011 - 19:24:40 - [0,934] ----D C:\Program Files\Microsoft WSE
O43 - CFD: 23/08/2010 - 09:00:00 - [0,316] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 23/08/2010 - 01:20:00 - [9,894] ----D C:\Program Files\Movie Maker
O43 - CFD: 20/02/2012 - 12:15:21 - [0] ----D C:\Program Files\Mozilla Firefox
O43 - CFD: 21/08/2010 - 16:46:01 - [0,025] ----D C:\Program Files\MSBuild
O43 - CFD: 29/09/2010 - 11:35:33 - [140,545] ----D C:\Program Files\MSECache
O43 - CFD: 10/04/2013 - 09:06:11 - [7,112] ----D C:\Program Files\MSI
O43 - CFD: 21/08/2010 - 20:37:01 - [17,551] ----D C:\Program Files\MSN
O43 - CFD: 21/08/2010 - 20:38:00 - [1,311] ----D C:\Program Files\MSN Gaming Zone
O43 - CFD: 23/08/2010 - 21:55:15 - [0] ----D C:\Program Files\MSXML 4.0
O43 - CFD: 12/04/2012 - 19:05:37 - [0] ----D C:\Program Files\MunSoft
O43 - CFD: 23/10/2012 - 12:08:12 - [5,441] ----D C:\Program Files\NCH Software
O43 - CFD: 01/06/2011 - 16:41:53 - [2,806] ----D C:\Program Files\NCH Swift Sound
O43 - CFD: 21/08/2010 - 19:14:41 - [2,798] ----D C:\Program Files\Nero
O43 - CFD: 21/08/2010 - 21:03:05 - [3,133] ----D C:\Program Files\NetMeeting
O43 - CFD: 09/11/2012 - 17:17:26 - [0,051] ----D C:\Program Files\netpass
O43 - CFD: 06/04/2013 - 17:22:50 - [3,737] ----D C:\Program Files\NXPowerLite 2.4.1
O43 - CFD: 06/04/2013 - 17:22:50 - [1,912] ----D C:\Program Files\Odboso PhotoRetrieval
O43 - CFD: 21/08/2010 - 21:01:54 - [0,002] ----D C:\Program Files\Online Services
O43 - CFD: 28/08/2011 - 21:38:12 - [0,826] ----D C:\Program Files\Ontrack
O43 - CFD: 28/12/2012 - 12:58:44 - [0,007] ----D C:\Program Files\OpenXML-ODF Translator
O43 - CFD: 14/12/2010 - 23:24:55 - [4,176] ----D C:\Program Files\Outlook Express
O43 - CFD: 25/12/2010 - 18:08:40 - [7,789] ----D C:\Program Files\Overland
O43 - CFD: 21/08/2010 - 21:29:42 - [2,184] ----D C:\Program Files\pdf
O43 - CFD: 06/04/2013 - 17:19:00 - [19,774] ----D C:\Program Files\PDFCreator
O43 - CFD: 03/11/2010 - 15:31:49 - [5,548] ----D C:\Program Files\PhotoFiltre
O43 - CFD: 06/04/2013 - 17:20:13 - [10,942] ----D C:\Program Files\PixiePack Codec Pack
O43 - CFD: 19/06/2013 - 18:00:17 - [126,827] ----D C:\Program Files\PokerStars.FR
O43 - CFD: 20/02/2011 - 18:33:51 - [2,430] ----D C:\Program Files\PowerPoint to Video
O43 - CFD: 17/12/2010 - 16:56:01 - [1,820] ----D C:\Program Files\Presentersoft PowerVideoMaker
O43 - CFD: 02/05/2013 - 16:26:42 - [1,066] ----D C:\Program Files\QuickTime
O43 - CFD: 04/10/2012 - 10:57:18 - [0,471] ----D C:\Program Files\RapidSolution
O43 - CFD: 09/09/2013 - 22:36:46 - [111,703] ----D C:\Program Files\Real
O43 - CFD: 10/04/2013 - 09:01:12 - [0] ----D C:\Program Files\Real Alternative
O43 - CFD: 11/09/2013 - 09:48:36 - [17,699] ----D C:\Program Files\RealNetworks
O43 - CFD: 06/04/2013 - 17:14:54 - [0,298] ----D C:\Program Files\RealNetworks(2)
O43 - CFD: 06/04/2013 - 17:22:53 - [3,317] ----D C:\Program Files\Recovery Toolbox for RAR
O43 - CFD: 28/06/2012 - 12:36:54 - [2,130] ----D C:\Program Files\Recuva
O43 - CFD: 21/08/2010 - 16:45:57 - [34,730] ----D C:\Program Files\Reference Assemblies
O43 - CFD: 21/08/2010 - 21:03:32 - [0,001] ----D C:\Program Files\Services en ligne
O43 - CFD: 12/12/2011 - 19:18:32 - [0,066] ----D C:\Program Files\SimpleOCR
O43 - CFD: 31/05/2013 - 11:17:14 - [18,066] R---D C:\Program Files\Skype
O43 - CFD: 02/05/2013 - 09:57:46 - [0,016] ----D C:\Program Files\Skype(2)
O43 - CFD: 12/04/2012 - 19:06:53 - [7,486] ----D C:\Program Files\Stellar Phoenix Windows Data Recovery - Home
O43 - CFD: 03/02/2012 - 10:00:20 - [0] ----D C:\Program Files\TomTom DesktopSuite
O43 - CFD: 15/06/2011 - 19:23:09 - [0,088] ----D C:\Program Files\TomTom HOME 2
O43 - CFD: 16/05/2011 - 15:30:43 - [0,021] ----D C:\Program Files\TomTom International B.V
O43 - CFD: 14/03/2011 - 12:14:09 - [0,390] ----D C:\Program Files\Trend Micro
O43 - CFD: 19/05/2011 - 23:33:32 - [0,162] ----D C:\Program Files\UltraISO
O43 - CFD: 21/08/2010 - 21:08:02 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 18/10/2011 - 08:50:38 - [0,221] ----D C:\Program Files\Unlocker
O43 - CFD: 21/08/2010 - 21:18:25 - [34,550] ----D C:\Program Files\VIA
O43 - CFD: 21/08/2010 - 21:29:06 - [48,518] ----D C:\Program Files\VideoLAN
O43 - CFD: 29/12/2010 - 17:38:07 - [1,047] ----D C:\Program Files\VirginMega
O43 - CFD: 02/05/2013 - 09:31:03 - [123,364] ----D C:\Program Files\Windows Live
O43 - CFD: 06/04/2013 - 17:22:51 - [0,234] ----D C:\Program Files\Windows Live SkyDrive
O43 - CFD: 20/02/2011 - 18:33:53 - [3,426] ----D C:\Program Files\Windows Media Connect 2
O43 - CFD: 31/07/2013 - 12:30:17 - [7,866] ----D C:\Program Files\Windows Media Player
O43 - CFD: 21/08/2010 - 18:22:02 - [4,093] ----D C:\Program Files\Windows NT
O43 - CFD: 21/08/2010 - 21:03:37 - [0] --H-D C:\Program Files\WindowsUpdate
O43 - CFD: 22/10/2010 - 21:18:43 - [3,503] ----D C:\Program Files\WinRAR
O43 - CFD: 21/08/2010 - 21:04:38 - [0] ----D C:\Program Files\xerox
O43 - CFD: 21/09/2013 - 10:14:04 - [23,401] ----D C:\Program Files\ZHPDiag
O43 - CFD: 10/04/2013 - 09:01:14 - [0] ----D C:\Program Files\Zylom Games
O43 - CFD: 10/04/2013 - 09:20:17 - [1,820] ----D C:\Program Files\Fichiers communs\ACD Systems
O43 - CFD: 18/06/2013 - 16:13:47 - [6,227] ----D C:\Program Files\Fichiers communs\Adobe
O43 - CFD: 20/01/2012 - 22:55:49 - [5,795] ----D C:\Program Files\Fichiers communs\Ahead
O43 - CFD: 20/01/2012 - 22:51:01 - [87,895] ----D C:\Program Files\Fichiers communs\Apple
O43 - CFD: 23/08/2010 - 09:01:13 - [0,082] ----D C:\Program Files\Fichiers communs\DESIGNER
O43 - CFD: 20/04/2013 - 15:30:43 - [67,248] ----D C:\Program Files\Fichiers communs\DVDVideoSoft
O43 - CFD: 12/09/2010 - 16:26:57 - [1,653] ----D C:\Program Files\Fichiers communs\GeoVid
O43 - CFD: 22/08/2010 - 17:51:24 - [0,173] ----D C:\Program Files\Fichiers communs\Hewlett-Packard
O43 - CFD: 22/08/2010 - 17:49:08 - [35,028] ----D C:\Program Files\Fichiers communs\HP
O43 - CFD: 20/01/2012 - 22:58:07 - [1,629] ----D C:\Program Files\Fichiers communs\InstallShield
O43 - CFD: 30/05/2013 - 14:17:10 - [1,189] ----D C:\Program Files\Fichiers communs\Java
O43 - CFD: 06/01/2011 - 17:12:31 - [64,874] ----D C:\Program Files\Fichiers communs\LogiShrd
O43 - CFD: 06/01/2011 - 17:07:37 - [4,999] ----D C:\Program Files\Fichiers communs\LWS
O43 - CFD: 01/04/2013 - 15:49:44 - [336,741] ----D C:\Program Files\Fichiers communs\Microsoft Shared
O43 - CFD: 21/08/2010 - 21:03:00 - [0,271] ----D C:\Program Files\Fichiers communs\MSSoap
O43 - CFD: 21/08/2010 - 22:29:14 - [0] ----D C:\Program Files\Fichiers communs\ODBC
O43 - CFD: 21/08/2010 - 21:03:04 - [0,008] ----D C:\Program Files\Fichiers communs\Services
O43 - CFD: 31/05/2013 - 11:17:13 - [1,904] ----D C:\Program Files\Fichiers communs\Skype
O43 - CFD: 21/08/2010 - 22:29:12 - [3,612] ----D C:\Program Files\Fichiers communs\SpeechEngines
O43 - CFD: 31/05/2013 - 10:43:55 - [0] ----D C:\Program Files\Fichiers communs\Symantec Shared
O43 - CFD: 23/08/2010 - 09:01:05 - [19,234] ----D C:\Program Files\Fichiers communs\System
O43 - CFD: 21/08/2010 - 15:34:58 - [0] ----D C:\Program Files\Fichiers communs\Windows Live
O43 - CFD: 11/09/2013 - 09:48:50 - [0,336] ----D C:\Program Files\Fichiers communs\xing shared
O43 - CFD: 16/09/2012 - 19:25:22 - [0,002] ----D C:\Documents and Settings\All Users\Application Data\036DFF850007E17A292FBF2A7B07D287
O43 - CFD: 07/02/2011 - 13:21:41 - [0,007] ----D C:\Documents and Settings\All Users\Application Data\a3d62a
O43 - CFD: 31/10/2011 - 12:10:55 - [0,003] ----D C:\Documents and Settings\All Users\Application Data\ABBYY
O43 - CFD: 25/06/2013 - 17:24:59 - [273,002] ----D C:\Documents and Settings\All Users\Application Data\Adobe
O43 - CFD: 07/02/2011 - 11:50:40 - [5,209] ----D C:\Documents and Settings\All Users\Application Data\Alwil Software
O43 - CFD: 17/11/2011 - 12:02:15 - [51,163] ----D C:\Documents and Settings\All Users\Application Data\Apple
O43 - CFD: 02/05/2013 - 16:26:20 - [0,001] ----D C:\Documents and Settings\All Users\Application Data\Apple Computer
O43 - CFD: 20/04/2013 - 12:57:23 - [0] ----D C:\Documents and Settings\All Users\Application Data\AVAST Software
O43 - CFD: 06/04/2013 - 17:15:32 - [0,640] ----D C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
O43 - CFD: 21/09/2013 - 00:01:44 - [0] ----D C:\Documents and Settings\All Users\Application Data\Babylon =>Toolbar.Babylon
O43 - CFD: 21/09/2013 - 00:02:34 - [8,084] ----D C:\Documents and Settings\All Users\Application Data\BitGuard =>PUP.BitGuard
O43 - CFD: 06/04/2013 - 17:15:30 - [0,084] ----D C:\Documents and Settings\All Users\Application Data\BrowserProtect(2) =>Hijacker.Eazel
O43 - CFD: 06/04/2013 - 14:39:28 - [0,000] ----D C:\Documents and Settings\All Users\Application Data\Common Files
O43 - CFD: 29/12/2010 - 17:37:22 - [2,211] ----D C:\Documents and Settings\All Users\Application Data\Downloaded Installations
O43 - CFD: 28/11/2011 - 18:43:55 - [0] ----D C:\Documents and Settings\All Users\Application Data\Electronic Arts
O43 - CFD: 06/04/2013 - 19:06:04 - [0,502] ----D C:\Documents and Settings\All Users\Application Data\Google
O43 - CFD: 23/08/2010 - 10:44:27 - [0,000] ----D C:\Documents and Settings\All Users\Application Data\IM
O43 - CFD: 23/08/2010 - 10:43:21 - [7,618] ----D C:\Documents and Settings\All Users\Application Data\IncrediMail
O43 - CFD: 23/10/2012 - 12:39:27 - [0,038] ----D C:\Documents and Settings\All Users\Application Data\InstallMate
O43 - CFD: 17/12/2010 - 20:28:21 - [0,001] ----D C:\Documents and Settings\All Users\Application Data\Leawo
O43 - CFD: 06/01/2011 - 17:16:52 - [0,000] ----D C:\Documents and Settings\All Users\Application Data\LogiShrd
O43 - CFD: 06/01/2011 - 17:07:44 - [20,162] ----D C:\Documents and Settings\All Users\Application Data\Logitech
O43 - CFD: 14/03/2011 - 18:45:36 - [17,285] ----D C:\Documents and Settings\All Users\Application Data\Malwarebytes
O43 - CFD: 23/08/2010 - 18:23:55 - [0,000] ----D C:\Documents and Settings\All Users\Application Data\McAfee
O43 - CFD: 15/06/2012 - 15:52:54 - [419,433] -S--D C:\Documents and Settings\All Users\Application Data\Microsoft
O43 - CFD: 23/10/2012 - 11:05:25 - [0] ----D C:\Documents and Settings\All Users\Application Data\NCH Software
O43 - CFD: 01/06/2011 - 16:34:33 - [0] ----D C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
O43 - CFD: 31/05/2013 - 11:10:26 - [0,000] ----D C:\Documents and Settings\All Users\Application Data\Norton
O43 - CFD: 31/05/2013 - 10:43:39 - [0,683] ----D C:\Documents and Settings\All Users\Application Data\NortonInstaller
O43 - CFD: 21/08/2010 - 15:57:58 - [0,002] ----D C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
O43 - CFD: 04/10/2012 - 11:05:10 - [10,186] ----D C:\Documents and Settings\All Users\Application Data\RapidSolution
O43 - CFD: 03/12/2010 - 11:44:25 - [3,703] ----D C:\Documents and Settings\All Users\Application Data\Real
O43 - CFD: 11/09/2013 - 09:48:36 - [1,938] ----D C:\Documents and Settings\All Users\Application Data\RealNetworks
O43 - CFD: 06/04/2013 - 17:15:00 - [1,362] ----D C:\Documents and Settings\All Users\Application Data\RealNetworks(2)
O43 - CFD: 31/05/2013 - 11:17:22 - [31,474] ----D C:\Documents and Settings\All Users\Application Data\Skype
O43 - CFD: 06/01/2012 - 18:22:06 - [17,454] ----D C:\Documents and Settings\All Users\Application Data\SolidDocuments
O43 - CFD: 11/09/2010 - 12:43:23 - [0,000] ----D C:\Documents and Settings\All Users\Application Data\Sun
O43 - CFD: 16/09/2013 - 10:53:37 - [0] ---AD C:\Documents and Settings\All Users\Application Data\TEMP
O43 - CFD: 16/05/2011 - 15:31:33 - [0,304] ----D C:\Documents and Settings\All Users\Application Data\TomTom
O43 - CFD: 21/08/2010 - 15:46:55 - [0,003] ----D C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
O43 - CFD: 02/10/2010 - 12:36:05 - [0] ----D C:\Documents and Settings\All Users\Application Data\Zylom
O43 - CFD: 17/11/2011 - 12:07:39 - [0,003] ----D C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
O43 - CFD: 02/05/2013 - 15:12:38 - [0,011] ----D C:\Documents and Settings\Anne\Application Data\1MediaPlayer
O43 - CFD: 31/10/2011 - 12:04:13 - [0] ----D C:\Documents and Settings\Anne\Application Data\ABBYY
O43 - CFD: 21/04/2011 - 13:49:14 - [0] ----D C:\Documents and Settings\Anne\Application Data\ACD Systems
O43 - CFD: 20/06/2013 - 11:12:00 - [8,280] ----D C:\Documents and Settings\Anne\Application Data\Adobe
O43 - CFD: 17/05/2011 - 14:07:55 - [0,046] ----D C:\Documents and Settings\Anne\Application Data\Ahead
O43 - CFD: 21/09/2013 - 09:34:40 - [2,696] ----D C:\Documents and Settings\Anne\Application Data\Allin1Convert_8h =>Adware.Allin1Convert
O43 - CFD: 17/11/2011 - 14:39:43 - [0,189] ----D C:\Documents and Settings\Anne\Application Data\Apple Computer
O43 - CFD: 06/04/2013 - 14:40:52 - [0,051] ----D C:\Documents and Settings\Anne\Application Data\AVG SafeGuard toolbar
O43 - CFD: 21/09/2013 - 00:02:07 - [1,265] ----D C:\Documents and Settings\Anne\Application Data\BabSolution =>Hijacker.BabSolution
O43 - CFD: 21/09/2013 - 00:01:44 - [0,003] ----D C:\Documents and Settings\Anne\Application Data\Babylon =>Toolbar.Babylon
O43 - CFD: 21/09/2013 - 00:03:38 - [0,259] ----D C:\Documents and Settings\Anne\Application Data\Delta
O43 - CFD: 11/09/2013 - 09:49:18 - [0,000] ----D C:\Documents and Settings\Anne\Application Data\dvdcss
O43 - CFD: 20/04/2013 - 15:30:39 - [8,573] ----D C:\Documents and Settings\Anne\Application Data\DVDVideoSoft
O43 - CFD: 27/02/2011 - 12:23:37 - [0,359] ----D C:\Documents and Settings\Anne\Application Data\Emjysoft
O43 - CFD: 27/07/2011 - 15:00:09 - [3,158] ----D C:\Documents and Settings\Anne\Application Data\FILEminimizer
O43 - CFD: 18/05/2013 - 15:18:58 - [0,002] ----D C:\Documents and Settings\Anne\Application Data\Fomi
O43 - CFD: 24/08/2010 - 17:25:04 - [0,000] ----D C:\Documents and Settings\Anne\Application Data\FreeAudioPack
O43 - CFD: 12/09/2010 - 16:28:07 - [0,020] ----D C:\Documents and Settings\Anne\Application Data\GeoVid
O43 - CFD: 04/04/2012 - 19:44:02 - [0] ----D C:\Documents and Settings\Anne\Application Data\GetRightToGo
O43 - CFD: 21/08/2010 - 15:45:02 - [0] ----D C:\Documents and Settings\Anne\Application Data\Google
O43 - CFD: 04/11/2010 - 22:20:53 - [0,000] ----D C:\Documents and Settings\Anne\Application Data\gtk-2.0
O43 - CFD: 21/09/2013 - 09:39:20 - [0,003] ----D C:\Documents and Settings\Anne\Application Data\Haako
O43 - CFD: 22/10/2010 - 21:18:43 - [0] ----D C:\Documents and Settings\Anne\Application Data\Help
O43 - CFD: 28/08/2012 - 16:59:58 - [0,027] ----D C:\Documents and Settings\Anne\Application Data\IClaro
O43 - CFD: 21/08/2010 - 21:08:03 - [0] ----D C:\Documents and Settings\Anne\Application Data\Identities
O43 - CFD: 20/02/2012 - 17:15:24 - [1,612] ----D C:\Documents and Settings\Anne\Application Data\Intelore
O43 - CFD: 22/05/2013 - 13:10:34 - [0,007] ----D C:\Documents and Settings\Anne\Application Data\Iwwin
O43 - CFD: 06/01/2011 - 17:09:44 - [0,000] ----D C:\Documents and Settings\Anne\Application Data\Leadertech
O43 - CFD: 17/12/2010 - 20:33:24 - [0] ----D C:\Documents and Settings\Anne\Application Data\Leawo
O43 - CFD: 23/08/2010 - 02:29:56 - [0,006] ----D C:\Documents and Settings\Anne\Application Data\Macromedia
O43 - CFD: 22/01/2011 - 13:22:21 - [1,490] ----D C:\Documents and Settings\Anne\Application Data\Magic3
O43 - CFD: 14/03/2011 - 18:45:47 - [0,501] ----D C:\Documents and Settings\Anne\Application Data\Malwarebytes
O43 - CFD: 06/01/2012 - 17:04:28 - [56,517] -S--D C:\Documents and Settings\Anne\Application Data\Microsoft
O43 - CFD: 17/12/2010 - 20:33:24 - [0] ----D C:\Documents and Settings\Anne\Application Data\Moyea
O43 - CFD: 13/11/2012 - 19:01:13 - [6,407] ----D C:\Documents and Settings\Anne\Application Data\Mozilla
O43 - CFD: 23/10/2012 - 11:05:14 - [0,005] ----D C:\Documents and Settings\Anne\Application Data\NCH Software
O43 - CFD: 01/06/2011 - 16:41:51 - [0,001] ----D C:\Documents and Settings\Anne\Application Data\NCH Swift Sound
O43 - CFD: 20/05/2013 - 14:44:46 - [0,017] ----D C:\Documents and Settings\Anne\Application Data\Ozyd
O43 - CFD: 18/10/2010 - 23:14:21 - [0,001] ----D C:\Documents and Settings\Anne\Application Data\Passware
O43 - CFD: 02/11/2010 - 13:07:53 - [0,001] ----D C:\Documents and Settings\Anne\Application Data\PhotoFiltre
O43 - CFD: 17/12/2010 - 20:33:35 - [0,001] ----D C:\Documents and Settings\Anne\Application Data\PPT2Video
O43 - CFD: 10/09/2013 - 09:03:29 - [9,190] ----D C:\Documents and Settings\Anne\Application Data\Real
O43 - CFD: 09/09/2013 - 22:38:04 - [0,055] ----D C:\Documents and Settings\Anne\Application Data\RealNetworks
O43 - CFD: 10/03/2012 - 11:56:27 - [0] ----D C:\Documents and Settings\Anne\Application Data\searchcoreband
O43 - CFD: 10/03/2012 - 11:56:27 - [0,001] ----D C:\Documents and Settings\Anne\Application Data\searchcoretoolbar
O43 - CFD: 13/11/2012 - 19:54:36 - [0,002] ----D C:\Documents and Settings\Anne\Application Data\searchqutoolbar(2) =>PUP.Datamngr
O43 - CFD: 09/09/2013 - 10:37:55 - [4,529] ----D C:\Documents and Settings\Anne\Application Data\Skype
O43 - CFD: 06/01/2012 - 18:38:27 - [0,200] ----D C:\Documents and Settings\Anne\Application Data\SolidDocuments
O43 - CFD: 08/11/2010 - 18:14:14 - [0] ----D C:\Documents and Settings\Anne\Application Data\Sony
O43 - CFD: 01/09/2013 - 18:06:55 - [0,121] ----D C:\Documents and Settings\Anne\Application Data\SpeedAnalysis3 =>PUP.SpeedAnalysis
O43 - CFD: 11/09/2010 - 12:42:20 - [35,458] ----D C:\Documents and Settings\Anne\Application Data\Sun
O43 - CFD: 27/04/2013 - 16:54:29 - [0,253] ----D C:\Documents and Settings\Anne\Application Data\Syab
O43 - CFD: 16/05/2011 - 15:30:49 - [7,124] ----D C:\Documents and Settings\Anne\Application Data\TomTom
O43 - CFD: 09/12/2010 - 16:18:00 - [0,732] ----D C:\Documents and Settings\Anne\Application Data\Uniblue
O43 - CFD: 06/04/2013 - 16:03:44 - [0,779] ----D C:\Documents and Settings\Anne\Application Data\vlc
O43 - CFD: 17/05/2013 - 15:00:08 - [0,004] ----D C:\Documents and Settings\Anne\Application Data\Ytopuk
O43 - CFD: 27/04/2013 - 16:54:29 - [0] ----D C:\Documents and Settings\Anne\Application Data\Zyhue
O43 - CFD: 13/11/2012 - 19:54:41 - [0,629] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\01NET.com
O43 - CFD: 16/09/2012 - 20:01:34 - [0] -SH-D C:\Documents and Settings\Anne\Local Settings\Application Data\8b1040f4
O43 - CFD: 31/10/2011 - 12:10:55 - [1,577] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\ABBYY
O43 - CFD: 21/04/2011 - 13:49:18 - [12,784] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\ACD Systems
O43 - CFD: 11/08/2013 - 16:47:57 - [159,789] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\Adobe
O43 - CFD: 26/11/2010 - 09:53:29 - [25,629] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\Ahead
O43 - CFD: 13/11/2012 - 19:16:39 - [0,000] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\Aimersoft
O43 - CFD: 17/11/2011 - 12:04:28 - [0] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\Apple
O43 - CFD: 10/12/2012 - 11:21:13 - [4,022] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\Apple Computer
O43 - CFD: 21/09/2013 - 00:03:51 - [0,010] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\ApplicationHistory
O43 - CFD: 06/04/2013 - 14:41:31 - [0,611] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\AVG SafeGuard toolbar
O43 - CFD: 01/09/2013 - 18:06:55 - [0,016] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\avgchrome
O43 - CFD: 14/07/2011 - 20:25:34 - [0] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\Deployment
O43 - CFD: 21/04/2011 - 13:47:20 - [24,308] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\Downloaded Installations
O43 - CFD: 16/04/2011 - 11:30:03 - [7,573] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\EdenFlash
O43 - CFD: 20/07/2013 - 10:23:03 - [7,414] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\Facebook
O43 - CFD: 06/04/2013 - 19:06:04 - [13,816] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\Google
O43 - CFD: 22/10/2010 - 21:18:43 - [0] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\Help
O43 - CFD: 22/08/2010 - 17:54:36 - [1,054] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\HP
O43 - CFD: 21/09/2013 - 09:26:43 - [0] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\IAC
O43 - CFD: 24/08/2010 - 16:21:51 - [0,362] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\Identities
O43 - CFD: 11/09/2010 - 10:22:24 - [-2002,521] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\IM
O43 - CFD: 22/08/2010 - 17:54:37 - [0,002] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\IsolatedStorage
O43 - CFD: 06/01/2011 - 17:16:35 - [5,315] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\LogiShrd
O43 - CFD: 07/08/2011 - 17:51:14 - [0,295] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\MediaMonkey
O43 - CFD: 02/08/2013 - 22:05:39 - [1358,254] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft
O43 - CFD: 06/09/2010 - 16:52:42 - [0] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\PCHealth
O43 - CFD: 04/10/2012 - 11:00:41 - [0] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\RapidSolution
O43 - CFD: 31/05/2013 - 10:42:25 - [0] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\Real
O43 - CFD: 05/03/2013 - 16:45:03 - [0,319] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\Sun
O43 - CFD: 31/07/2013 - 12:37:22 - [0] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\Temp
O43 - CFD: 16/05/2011 - 15:30:49 - [1,696] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\TomTom
O43 - CFD: 26/08/2011 - 10:42:18 - [0] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\WMTools Downloaded Files
O43 - CFD: 06/09/2010 - 22:09:18 - [2,269] ----D C:\Documents and Settings\Anne\Local Settings\Application Data\Xenocode
O43 - CFD: 21/08/2010 - 16:28:44 - [0,015] R---D C:\Documents and Settings\Anne\Menu Démarrer\Programmes\Accessoires
O43 - CFD: 21/09/2013 - 00:02:49 - [0,001] ----D C:\Documents and Settings\Anne\Menu Démarrer\Programmes\BitGuard =>PUP.BitGuard
O43 - CFD: 28/08/2011 - 21:51:53 - [0,003] ----D C:\Documents and Settings\Anne\Menu Démarrer\Programmes\Convar
O43 - CFD: 07/02/2011 - 13:27:10 - [0,000] R---D C:\Documents and Settings\Anne\Menu Démarrer\Programmes\Démarrage
O43 - CFD: 30/05/2013 - 16:04:06 - [0] ----D C:\Documents and Settings\Anne\Menu Démarrer\Programmes\FirstRowSportApp.com
O43 - CFD: 30/05/2013 - 16:04:06 - [0,003] ----D C:\Documents and Settings\Anne\Menu Démarrer\Programmes\IrfanView
O43 - CFD: 28/12/2012 - 12:58:38 - [0,000] ----D C:\Documents and Settings\Anne\Menu Démarrer\Programmes\ODF Add-in for Microsoft Office
O43 - CFD: 11/09/2010 - 17:16:13 - [0,000] R---D C:\Documents and Settings\Anne\Menu Démarrer\Programmes\Outils d'administration
O43 - CFD: 02/11/2010 - 12:52:51 - [0,003] ----D C:\Documents and Settings\Anne\Menu Démarrer\Programmes\PhotoFiltre
O43 - CFD: 30/05/2013 - 16:04:06 - [0,001] ----D C:\Documents and Settings\Anne\Menu Démarrer\Programmes\TomTom
O43 - CFD: 02/02/2013 - 22:00:21 - [0,003] ----D C:\Documents and Settings\Anne\Menu Démarrer\Programmes\Unlocker
O43 - CFD: 29/12/2010 - 17:38:07 - [0,001] ----D C:\Documents and Settings\Anne\Menu Démarrer\Programmes\VirginMega
O43 - CFD: 21/08/2010 - 21:27:51 - [0,002] ----D C:\Documents and Settings\Anne\Menu Démarrer\Programmes\WinRAR
~ Program Folder: 282 Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.B9D8BCB37BD06D0B9B1630330A57CDC8] - 21/09/2013 - 08:57:00 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt   [32592]
O44 - LFC:[MD5.E6230430BFC57190B2C71D1F66E82F03] - 21/09/2013 - 08:01:26 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log   [1282455]
O44 - LFC:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 21/09/2013 - 07:56:33 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\Drivers\mbamswissarmy.sys   [40776]
O44 - LFC:[MD5.BFF64F5BC2B23F87D64F282262DB2081] - 21/09/2013 - 07:54:33 ---A- . (...) -- C:\WINDOWS\system32\wpa.dbl   [2284]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 21/09/2013 - 07:54:14 ---A- . (...) -- C:\WINDOWS\0.log   [0]
O44 - LFC:[MD5.95CCD36283A8DB239917C3F0207584BC] - 21/09/2013 - 07:54:09 ---A- . (...) -- C:\WINDOWS\wiadebug.log   [159]
O44 - LFC:[MD5.CC20B18BF2F4345ED3570061B7B1A181] - 21/09/2013 - 07:54:09 ---A- . (...) -- C:\WINDOWS\wiaservc.log   [50]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 21/09/2013 - 07:53:28 -S-A- . (...) -- C:\WINDOWS\bootstat.dat   [2048]
O44 - LFC:[MD5.4470E3C1E0C3378E4CAB137893C12C3A] - 20/09/2013 - 23:41:54 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\system32\Drivers\mbam.sys   [22856]
O44 - LFC:[MD5.DE42ABACAB2BE55DFCEBB01AFAF9CFD5] - 20/09/2013 - 23:24:53 ---A- . (...) -- C:\RstHosts.txt   [677]
O44 - LFC:[MD5.6F52CDE92810A8E441F005EFA761F7D6] - 20/09/2013 - 23:21:12 -SHA- . (...) -- C:\WINDOWS\Thumbs.db   [8192]
O44 - LFC:[MD5.8DCBB07D7396386A38A676CAF0925B21] - 20/09/2013 - 23:08:18 ---A- . (...) -- C:\WINDOWS\setupapi.log   [59096]
O44 - LFC:[MD5.E9B05DF6E6E8F01AB8EC3036F7770396] - 20/09/2013 - 21:06:41 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\WINDOWS\system32\FlashPlayerApp.exe   [692616]
O44 - LFC:[MD5.733AB625B4398BA223A9664EE6473051] - 20/09/2013 - 21:06:40 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl   [71048]
O44 - LFC:[MD5.26EE865FC9A116CAC99BBF7CFC5593FC] - 13/09/2013 - 09:32:03 ---A- . (...) -- C:\WINDOWS\system32\FNTCACHE.DAT   [222432]
O44 - LFC:[MD5.E0766BCF0A98158AB4CDEEF7EF257944] - 12/09/2013 - 23:31:59 ---A- . (...) -- C:\WINDOWS\KB2870699-IE8.log   [13159]
O44 - LFC:[MD5.C4982A885B9DA1537B3BABE20ECC267F] - 12/09/2013 - 23:31:59 ---A- . (...) -- C:\WINDOWS\comsetup.log   [35400]
O44 - LFC:[MD5.2E664744C870DE63471DE3CC3C28E71B] - 12/09/2013 - 23:31:59 ---A- . (...) -- C:\WINDOWS\iis6.log   [113757]
O44 - LFC:[MD5.99F334BDD2C8C979E439BF7F9618E74A] - 12/09/2013 - 23:31:59 ---A- . (...) -- C:\WINDOWS\imsins.log   [1374]
O44 - LFC:[MD5.A94D04EAFDCBD78806CB599CFE6D5F81] - 12/09/2013 - 23:31:59 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log   [21361]
O44 - LFC:[MD5.052A44942C73BDD5DF50D07927F4D804] - 12/09/2013 - 23:31:59 ---A- . (...) -- C:\WINDOWS\ocmsn.log   [5814]
O44 - LFC:[MD5.B349AED46AAE03AC1BAD3815913245B3] - 12/09/2013 - 23:31:59 ---A- . (...) -- C:\WINDOWS\tabletoc.log   [5287]
O44 - LFC:[MD5.49C5A32C1AB26823119979D48FF2ABE7] - 12/09/2013 - 23:31:59 ---A- . (...) -- C:\WINDOWS\tsoc.log   [47962]
O44 - LFC:[MD5.D08D1455C5447065CF41F6D87D20F225] - 12/09/2013 - 23:31:57 ---A- . (...) -- C:\WINDOWS\FaxSetup.log   [105115]
O44 - LFC:[MD5.80B78E164B85662553D73809B7206921] - 12/09/2013 - 23:31:57 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log   [7225]
O44 - LFC:[MD5.FABE1BFF96655D4D1D7CAE27AD56C40F] - 12/09/2013 - 23:31:57 ---A- . (...) -- C:\WINDOWS\msgsocm.log   [5253]
O44 - LFC:[MD5.555B0BB92B3D66842C8D94C0EEFEC1B3] - 12/09/2013 - 23:31:57 ---A- . (...) -- C:\WINDOWS\netfxocm.log   [18411]
O44 - LFC:[MD5.D867774645EDD735C20B783CDE2987BE] - 12/09/2013 - 23:31:57 ---A- . (...) -- C:\WINDOWS\ocgen.log   [50252]
O44 - LFC:[MD5.B2AD2D3DE8AC2B16599DECE55E6BFF62] - 12/09/2013 - 23:31:56 ---A- . (...) -- C:\WINDOWS\msmqinst.log   [32488]
O44 - LFC:[MD5.0F523CEC9D295BB3BC13E1F329047D8B] - 12/09/2013 - 23:31:41 ---A- . (...) -- C:\WINDOWS\updspapi.log   [15713]
O44 - LFC:[MD5.E17580DD7214322D81FCCA989EBDA128] - 12/09/2013 - 23:28:40 ---A- . (...) -- C:\WINDOWS\KB2876315.log   [11169]
O44 - LFC:[MD5.8CBF2D7727DECF7577AB6E904ED68C0F] - 12/09/2013 - 23:28:40 ---A- . (...) -- C:\WINDOWS\imsins.BAK   [1374]
O44 - LFC:[MD5.4F0F3648CD82B209A121521DCD9FE67A] - 12/09/2013 - 23:28:23 ---A- . (...) -- C:\WINDOWS\KB2876217.log   [10508]
O44 - LFC:[MD5.33B5197921B3B92365C0660DC197C4D8] - 12/09/2013 - 23:28:08 ---A- . (...) -- C:\WINDOWS\KB2864063.log   [9582]
O44 - LFC:[MD5.7F61DA2C2ABE4CDE60283AA99B480EAF] - 12/09/2013 - 23:25:37 ---A- . (...) -- C:\WINDOWS\win.ini   [658]
O44 - LFC:[MD5.53F73224CC5E372555A5C07B2CEB5F34] - 12/09/2013 - 23:21:32 ---A- . (.Microsoft Corporation - Outil de suppression de logiciels malveilla.) -- C:\WINDOWS\system32\MRT.exe   [76725432]
~ Files: 36 Scanned in 00mn 00s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.0B66A9DF03F16B05C24EC6E6A2041776] - 16/09/2013 - 09:51:23 ---A- - C:\WINDOWS\Prefetch\CSC.EXE-01730C27.pf
O45 - LFCP:[MD5.1AAEB8EF23F1E53BBD19643019C3634A] - 16/09/2013 - 09:51:23 ---A- - C:\WINDOWS\Prefetch\CVTRES.EXE-2329DCD5.pf
O45 - LFCP:[MD5.6A164001F72787B4FCA2ED0FA6FEBD36] - 16/09/2013 - 09:51:47 ---A- - C:\WINDOWS\Prefetch\SNAPDO.EXE-182DA68A.pf
O45 - LFCP:[MD5.6CC96EA31E344FDD4E53D148DC7F50BB] - 16/09/2013 - 09:52:10 ---A- - C:\WINDOWS\Prefetch\TSKILL.EXE-2F6AAB7F.pf
O45 - LFCP:[MD5.E3A8F6538BEF530EB2D21235380E5F90] - 16/09/2013 - 09:52:22 ---A- - C:\WINDOWS\Prefetch\REGASM.EXE-0AD53CEC.pf
O45 - LFCP:[MD5.0C4E3493E1B4B0A8581FED632F73787D] - 16/09/2013 - 14:08:05 ---A- - C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf
O45 - LFCP:[MD5.80B1419173D594CB7995FC6973311CCB] - 16/09/2013 - 14:11:44 ---A- - C:\WINDOWS\Prefetch\HPZSTC09.EXE-3AFDDA16.pf
O45 - LFCP:[MD5.E4AEB5B2185FEC69A4A1166C10A887CE] - 16/09/2013 - 14:11:53 ---A- - C:\WINDOWS\Prefetch\HPZENG09.EXE-21FF5F4F.pf
O45 - LFCP:[MD5.E92F9F23DC5976B650B814BB483EF3F7] - 16/09/2013 - 15:40:16 ---A- - C:\WINDOWS\Prefetch\CRXUPDATER_G.EXE-0C67E2EE.pf
O45 - LFCP:[MD5.42B9A9E5806379AF08556D2596200231] - 17/09/2013 - 08:08:27 ---A- - C:\WINDOWS\Prefetch\AM_ENGINE_PATCH1.EXE-0C15AD30.pf
O45 - LFCP:[MD5.11F47D2FC40DA90DC9135DF3795A10C4] - 17/09/2013 - 08:08:33 ---A- - C:\WINDOWS\Prefetch\AM_BASE_PATCH1.EXE-20DB9DB5.pf
O45 - LFCP:[MD5.4016E721F88449AA46D78D9AF1E2BB5B] - 17/09/2013 - 15:40:15 ---A- - C:\WINDOWS\Prefetch\CRXUPDATER_G.EXE-3701BA5B.pf
O45 - LFCP:[MD5.4C9DE032CA68FC3EBBC6A221C30AF989] - 18/09/2013 - 07:28:55 ---A- - C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf
O45 - LFCP:[MD5.24F06FDA668ECF2811B85C607F5745ED] - 18/09/2013 - 07:29:16 ---A- - C:\WINDOWS\Prefetch\MSI17.TMP-004F3079.pf
O45 - LFCP:[MD5.180B1FFF8F0A503E8860F46A274FAD0E] - 18/09/2013 - 15:02:19 ---A- - C:\WINDOWS\Prefetch\DLLHOST.EXE-33CC18F3.pf
O45 - LFCP:[MD5.77C3D94DB9496E5439ADCAF442ED02EC] - 18/09/2013 - 15:02:22 ---A- - C:\WINDOWS\Prefetch\SOFTWAREUPDATE.EXE-1415D1B8.pf
O45 - LFCP:[MD5.BC818838BC6BCB875A2EA5F40E770970] - 18/09/2013 - 15:40:04 ---A- - C:\WINDOWS\Prefetch\CRXUPDATER_G.EXE-33F791F7.pf
O45 - LFCP:[MD5.65D4E445136E055656D9DD0997E35D62] - 18/09/2013 - 17:30:08 ---A- - C:\WINDOWS\Prefetch\ADOBEARM.EXE-1095AC0A.pf
O45 - LFCP:[MD5.EA03EFD9E6262A8334D8BDF5103FE659] - 18/09/2013 - 20:05:09 ---A- - C:\WINDOWS\Prefetch\WIAACMGR.EXE-212ED878.pf
O45 - LFCP:[MD5.B9969656066B240071784E86578BC2F6] - 18/09/2013 - 22:23:50 ---A- - C:\WINDOWS\Prefetch\POWERPNT.EXE-2F940E7E.pf
O45 - LFCP:[MD5.04C6B656257129646F4671566D418574] - 18/09/2013 - 23:21:05 ---A- - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2FEE7ACC.pf
O45 - LFCP:[MD5.CED7305B1B5E1C300DAF8097D77A2A48] - 18/09/2013 - 23:21:45 ---A- - C:\WINDOWS\Prefetch\RUNDLL32.EXE-21F29FF0.pf
O45 - LFCP:[MD5.865559EDA22D1EB3E77C98EC33250112] - 18/09/2013 - 23:34:37 ---A- - C:\WINDOWS\Prefetch\PHOTOFILTRE.EXE-00101112.pf
O45 - LFCP:[MD5.A61F772DD6E11E09F2116D1C421C42BA] - 19/09/2013 - 08:20:51 ---A- - C:\WINDOWS\Prefetch\MPNOTIFY.EXE-3631A846.pf
O45 - LFCP:[MD5.FF84B59AB358D27910FE23D955102950] - 19/09/2013 - 08:20:57 ---A- - C:\WINDOWS\Prefetch\REALUPGRADE.EXE-267D827A.pf
O45 - LFCP:[MD5.45016821B1E4F68A731767992C9622C7] - 19/09/2013 - 08:20:58 ---A- - C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf
O45 - LFCP:[MD5.AF4D59090238F8559B9DFB86F9CF1A9A] - 19/09/2013 - 08:21:00 ---A- - C:\WINDOWS\Prefetch\WGATRAY.EXE-0ED38BED.pf
O45 - LFCP:[MD5.45AAAE8E535F09F029E1E7168F6E996C] - 19/09/2013 - 08:21:05 ---A- - C:\WINDOWS\Prefetch\REALUPGRADE.EXE-38293202.pf
O45 - LFCP:[MD5.E051BC32AE98B3499D0C569936DE90A7] - 19/09/2013 - 08:21:05 ---A- - C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf
O45 - LFCP:[MD5.04A4DF6F1BC8B48E1E09B70EA6E8C600] - 19/09/2013 - 08:26:05 ---A- - C:\WINDOWS\Prefetch\JAVA.EXE-1E21D4DA.pf
O45 - LFCP:[MD5.6160518A8AE891FCDE6AB3BE4C080384] - 19/09/2013 - 08:26:05 ---A- - C:\WINDOWS\Prefetch\JAVAWS.EXE-1EEF33AA.pf
O45 - LFCP:[MD5.9DE8207163A19082FA3CE58348CA118B] - 19/09/2013 - 08:26:05 ---A- - C:\WINDOWS\Prefetch\JUCHECK.EXE-12B5EA5B.pf
O45 - LFCP:[MD5.BBC11B46519AF22AABEBBA8C7A236370] - 19/09/2013 - 08:26:06 ---A- - C:\WINDOWS\Prefetch\JAVAW.EXE-021F87DA.pf
O45 - LFCP:[MD5.5940806941E29EE59D6209F78FF286E4] - 19/09/2013 - 09:58:29 ---A- - C:\WINDOWS\Prefetch\RNUPGAGENT.EXE-19E9A194.pf
O45 - LFCP:[MD5.B5866DD216EA9FDD213D6EF68C0045E2] - 19/09/2013 - 10:02:15 ---A- - C:\WINDOWS\Prefetch\REALONEMESSAGECENTER.EXE-206EC97E.pf
O45 - LFCP:[MD5.A7F336CC891F6FE5F224DAD9F4AA11AB] - 19/09/2013 - 10:02:16 ---A- - C:\WINDOWS\Prefetch\REALPLAY.EXE-1BF219BD.pf
O45 - LFCP:[MD5.E61E6D18624DB752A9A5395A136F3A2B] - 19/09/2013 - 11:29:31 ---A- - C:\WINDOWS\Prefetch\WINRAR.EXE-39C6DAD9.pf
O45 - LFCP:[MD5.ECCA263193D734FE2DEAA98F48463C79] - 19/09/2013 - 15:40:02 ---A- - C:\WINDOWS\Prefetch\CRXUPDATER_G.EXE-053081CD.pf
O45 - LFCP:[MD5.A12827ADC4854D52B125F509C6272E2C] - 20/09/2013 - 08:27:34 ---A- - C:\WINDOWS\Prefetch\APPLEMOBILEDEVICESERVICE.EXE-0CD7517E.pf
O45 - LFCP:[MD5.92547A697DEDAD457986FEC974A0AED6] - 20/09/2013 - 08:27:34 ---A- - C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf
O45 - LFCP:[MD5.3BD9DEAFFCE6C381B08E11E3AB0752D4] - 20/09/2013 - 08:27:34 ---A- - C:\WINDOWS\Prefetch\JQS.EXE-21B69FF4.pf
O45 - LFCP:[MD5.18638B594B4DC4781A4304D7778FBD1C] - 20/09/2013 - 08:27:34 ---A- - C:\WINDOWS\Prefetch\LVPRCSRV.EXE-13554D2A.pf
O45 - LFCP:[MD5.6F69ACBAAB2B2AC426D438710E71B262] - 20/09/2013 - 08:27:34 ---A- - C:\WINDOWS\Prefetch\MSCORSVW.EXE-1366B4F5.pf
O45 - LFCP:[MD5.119123D506C80A01E761BB40EECD438A] - 20/09/2013 - 08:27:34 ---A- - C:\WINDOWS\Prefetch\MSMSGS.EXE-2B6052DE.pf
O45 - LFCP:[MD5.444968F6DAF88D8C7768BAB7BD721BBD] - 20/09/2013 - 08:27:34 ---A- - C:\WINDOWS\Prefetch\READER_SL.EXE-089975CC.pf
O45 - LFCP:[MD5.03A10817A3B31AED1FE3FC24F33331C0] - 20/09/2013 - 09:47:32 ---A- - C:\WINDOWS\Prefetch\UPDATE.EXE-069F47F3.pf
O45 - LFCP:[MD5.F6E63F990AD432ABC601D6B6CCF709E1] - 20/09/2013 - 10:17:06 ---A- - C:\WINDOWS\Prefetch\INCMAIL.EXE-1D49117E.pf
O45 - LFCP:[MD5.DC3B71A6C857080A27FB83C0FA4553E1] - 20/09/2013 - 12:21:51 ---A- - C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf
O45 - LFCP:[MD5.F196BAE7E57CECE2EA9558E8CB510EAA] - 20/09/2013 - 15:18:00 ---A- - C:\WINDOWS\Prefetch\GOOGLECRASHHANDLER.EXE-16C80308.pf
O45 - LFCP:[MD5.51DE6000D1C84BCA3ED9E938C864BF91] - 20/09/2013 - 15:40:04 ---A- - C:\WINDOWS\Prefetch\CRXUPDATER_G.EXE-092BEE4A.pf
O45 - LFCP:[MD5.685F7EB9E3ECE84ACAE59C175AA0D32A] - 20/09/2013 - 16:37:28 ---A- - C:\WINDOWS\Prefetch\ACRORD32.EXE-3B19D33B.pf
O45 - LFCP:[MD5.19796A29B58E75736364865E02DBAC90] - 20/09/2013 - 20:05:39 ---A- - C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf
O45 - LFCP:[MD5.C4FCB384870ADDFAFE6DBC68CC926247] - 20/09/2013 - 20:11:12 ---A- - C:\WINDOWS\Prefetch\Layout.ini
O45 - LFCP:[MD5.928DBC530B8777A1923FB33343EFEE03] - 20/09/2013 - 20:11:22 ---A- - C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf
O45 - LFCP:[MD5.15E28B03DAF64E38925AF6AD6D16EE2A] - 20/09/2013 - 20:11:22 ---A- - C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf
O45 - LFCP:[MD5.EFADA259F7CD6197F8FC87780429C105] - 20/09/2013 - 21:06:27 ---A- - C:\WINDOWS\Prefetch\FLASHPLAYERINSTALLER.EXE-202A7CDB.pf
O45 - LFCP:[MD5.34A0F14684E1A1B8495E8B562BF733C9] - 20/09/2013 - 21:06:41 ---A- - C:\WINDOWS\Prefetch\FLASHUTIL32_11_8_800_175_ACTI-100C9082.pf
O45 - LFCP:[MD5.C4ACE43A078B88FD5B22610651E6DDCE] - 20/09/2013 - 21:54:52 ---A- - C:\WINDOWS\Prefetch\MALAWARE[1].EXE-15B76928.pf
O45 - LFCP:[MD5.E5DC093220CC959604D47EA50714300C] - 20/09/2013 - 21:59:26 ---A- - C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf
O45 - LFCP:[MD5.FDA1FB46440D5EF00057290338B2A6E1] - 20/09/2013 - 22:25:41 ---A- - C:\WINDOWS\Prefetch\ADWCLEANER[1].EXE-0C35E04B.pf
O45 - LFCP:[MD5.4B0296C5C147ADEFD246E38597ADEE03] - 20/09/2013 - 22:27:58 ---A- - C:\WINDOWS\Prefetch\REG.EXE-0D2A95F7.pf
O45 - LFCP:[MD5.CDD718B7DB00020BC63FC9919472868A] - 20/09/2013 - 22:41:14 ---A- - C:\WINDOWS\Prefetch\AM_DELTA.EXE-2F7A6F0C.pf
O45 - LFCP:[MD5.9E0FFC4F0437DC8D41739807DCC36CE6] - 20/09/2013 - 22:41:21 ---A- - C:\WINDOWS\Prefetch\MPSIGSTUB.EXE-1D30D19B.pf
O45 - LFCP:[MD5.474FF12240C158D58E6BCADF97B8D65B] - 20/09/2013 - 23:01:08 ---A- - C:\WINDOWS\Prefetch\WAJAM_VALIDATE.EXE-07EA151F.pf =>Toolbar.Wajam
O45 - LFCP:[MD5.DAC197A4AD27E074075122CF0A6DD2FC] - 20/09/2013 - 23:01:12 ---A- - C:\WINDOWS\Prefetch\SETUP[1].EXE-1193815A.pf
O45 - LFCP:[MD5.0D9E2EE35B44BA81D0FB40FC1E139DF6] - 20/09/2013 - 23:01:50 ---A- - C:\WINDOWS\Prefetch\DELTATB_20130715.EXE-3A410F3F.pf =>Toolbar.DeltaSearch
O45 - LFCP:[MD5.68A5EFF28D0A8919DC24235F29E68D8D] - 20/09/2013 - 23:01:53 ---A- - C:\WINDOWS\Prefetch\SETUP.EXE-06170146.pf
O45 - LFCP:[MD5.0554A0A41E8F5C389492057BAF10F407] - 20/09/2013 - 23:01:56 ---A- - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2F5ECA7A.pf
O45 - LFCP:[MD5.08B4727FFF6D9FF25C5FC718217545BE] - 20/09/2013 - 23:02:02 ---A- - C:\WINDOWS\Prefetch\SETUP.EXE-0AABB64B.pf
O45 - LFCP:[MD5.4119CC0AF6676640DA27B6E3F8440347] - 20/09/2013 - 23:02:05 ---A- - C:\WINDOWS\Prefetch\DSEARCHLINK.EXE-3417429B.pf =>Toolbar.DeltaSearch
O45 - LFCP:[MD5.EF1DCF8B091484E1332CEF9486512EE6] - 20/09/2013 - 23:02:13 ---A- - C:\WINDOWS\Prefetch\CCP.EXE-1711C3D9.pf
O45 - LFCP:[MD5.2C4976BBE756B5351D30552F7C62BCFF] - 20/09/2013 - 23:02:39 ---A- - C:\WINDOWS\Prefetch\RJATYDIMOFU.EXE-39DB9FB7.pf
O45 - LFCP:[MD5.7CDFA67CFFC413A8543F79FF2F16A625] - 20/09/2013 - 23:02:49 ---A- - C:\WINDOWS\Prefetch\MYDELTATB.EXE-3AF4E758.pf =>Toolbar.DeltaSearch
O45 - LFCP:[MD5.38E85A14CB32B2F073E566B18B29EF59] - 20/09/2013 - 23:02:53 ---A- - C:\WINDOWS\Prefetch\DELTA4FFX.EXE-07F872EA.pf
O45 - LFCP:[MD5.E05E48E6AE64DF3089FAC79B47A767B9] - 20/09/2013 - 23:02:55 ---A- - C:\WINDOWS\Prefetch\DELTASRV.EXE-1A392563.pf
O45 - LFCP:[MD5.165EB89F1B1AA22EF780F02341F3A2B7] - 20/09/2013 - 23:02:56 ---A- - C:\WINDOWS\Prefetch\DELTA4IE.EXE-3A300845.pf
O45 - LFCP:[MD5.3920490967B7F77A31CDDA8BD07F22ED] - 20/09/2013 - 23:03:05 ---A- - C:\WINDOWS\Prefetch\BABMAINT.EXE-33227129.pf =>Hijacker.BabSolution
O45 - LFCP:[MD5.B3A7947AAC9722EE2A5E54D13C3A61C4] - 20/09/2013 - 23:03:22 ---A- - C:\WINDOWS\Prefetch\FILEOPENERPRO_INSTALLER.EXE-2572672F.pf
O45 - LFCP:[MD5.6BDC266B99E689D94106F34028094341] - 20/09/2013 - 23:04:27 ---A- - C:\WINDOWS\Prefetch\TASKKILL.EXE-0A8306E3.pf
O45 - LFCP:[MD5.71CF17B79488369D135DEA629EDF669B] - 20/09/2013 - 23:07:15 ---A- - C:\WINDOWS\Prefetch\XPNETDIAG.EXE-1275668B.pf
O45 - LFCP:[MD5.5EBD42BF432887838DFC57964F6BD943] - 20/09/2013 - 23:18:15 ---A- - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2295682B.pf
O45 - LFCP:[MD5.DFE46C42026B3FE47990A5EC6F0E21B4] - 20/09/2013 - 23:24:49 ---A- - C:\WINDOWS\Prefetch\RSTHOSTS[1].EXE-248D7B94.pf
O45 - LFCP:[MD5.9D5AC1F5D45C76AA39617289D51AD886] - 20/09/2013 - 23:25:03 ---A- - C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf
O45 - LFCP:[MD5.219B48AA324A4D5B9F3A4DCBC447AB16] - 20/09/2013 - 23:41:24 ---A- - C:\WINDOWS\Prefetch\MBAM-SETUP-17501300.TMP-3772350D.pf
O45 - LFCP:[MD5.17546A527010C80C3D11E323B7940CC2] - 20/09/2013 - 23:50:28 ---A- - C:\WINDOWS\Prefetch\MBAM-SETUP-17501300.EXE-2BF66CF0.pf
O45 - LFCP:[MD5.69CB0327ED8C449E32B1EC781EB28B17] - 20/09/2013 - 23:50:28 ---A- - C:\WINDOWS\Prefetch\MBAM-SETUP-17501300.TMP-30978CA7.pf
O45 - LFCP:[MD5.92E2AD6C196807824360DAFF78B0C9BB] - 20/09/2013 - 23:59:47 ---A- - C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf
O45 - LFCP:[MD5.763DAFC4234A6961C2BAEDE5F95CDC2E] - 21/09/2013 - 00:15:05 ---A- - C:\WINDOWS\Prefetch\NOTEPAD.EXE-189578DA.pf
O45 - LFCP:[MD5.1A76F066DA8FBC9F852B33DCF15FB4A6] - 21/09/2013 - 00:19:26 ---A- - C:\WINDOWS\Prefetch\APSDAEMON.EXE-187CD497.pf
O45 - LFCP:[MD5.0147144A6421C78FD1CF2EEB782C15FD] - 21/09/2013 - 00:19:26 ---A- - C:\WINDOWS\Prefetch\HKCMD.EXE-1D05234B.pf
O45 - LFCP:[MD5.CD15BEE35AA0425B963A4FEFDF29476B] - 21/09/2013 - 00:19:26 ---A- - C:\WINDOWS\Prefetch\IGFXPERS.EXE-2C07C174.pf
O45 - LFCP:[MD5.E5A993FD44F0F5A39097365E1B15CA81] - 21/09/2013 - 00:19:26 ---A- - C:\WINDOWS\Prefetch\IGFXSRVC.EXE-2FB63FE8.pf
O45 - LFCP:[MD5.C28A21D1D5AF77141F4616CE31918BBF] - 21/09/2013 - 00:19:26 ---A- - C:\WINDOWS\Prefetch\IGFXTRAY.EXE-3391579A.pf
O45 - LFCP:[MD5.562A437FA74244C66E79372153610A73] - 21/09/2013 - 00:19:26 ---A- - C:\WINDOWS\Prefetch\IMAPP.EXE-093362B0.pf
O45 - LFCP:[MD5.D807B6E1383D38F0060CC53A2B7EBF94] - 21/09/2013 - 00:19:26 ---A- - C:\WINDOWS\Prefetch\JUSCHED.EXE-0173BDFB.pf
O45 - LFCP:[MD5.B42E14F103333963A0509C1551FE70AE] - 21/09/2013 - 00:19:26 ---A- - C:\WINDOWS\Prefetch\MSSECES.EXE-14257906.pf
O45 - LFCP:[MD5.E4FCBCA4FF99FCFDB4B8552A9C4E677F] - 21/09/2013 - 00:19:26 ---A- - C:\WINDOWS\Prefetch\REALSCHED.EXE-22EEE8BD.pf
O45 - LFCP:[MD5.44C06F0DBA2835FCFB887A342B380315] - 21/09/2013 - 00:19:26 ---A- - C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf
O45 - LFCP:[MD5.EEDF6B768EB1F8DE39C8141F5DA9BA04] - 21/09/2013 - 00:19:26 ---A- - C:\WINDOWS\Prefetch\YNPAQ.EXE-2197FF4D.pf
O45 - LFCP:[MD5.633AEFF625DD43905038A4F5A1D7CD76] - 21/09/2013 - 00:26:41 ---A- - C:\WINDOWS\Prefetch\MBAM-RULES[1].TMP-37F07783.pf
O45 - LFCP:[MD5.21AB8E8BC76E0264B56DF69D9AF73001] - 21/09/2013 - 00:28:01 ---A- - C:\WINDOWS\Prefetch\FACEBOOKUPDATE.EXE-0535DB3E.pf
O45 - LFCP:[MD5.90724398138B985EC37EC63F7F17B312] - 21/09/2013 - 00:29:41 ---A- - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2F140B47.pf
O45 - LFCP:[MD5.10AA1BCD6F8A56C90A5D8C6B5EFCC88D] - 21/09/2013 - 00:30:39 ---A- - C:\WINDOWS\Prefetch\BITGUARD.EXE-2B7EAB9E.pf =>PUP.BitGuard
O45 - LFCP:[MD5.ED09027A1150E16B5B0CE44DADC4EC4B] - 21/09/2013 - 07:54:51 ---A- - C:\WINDOWS\Prefetch\DWTRIG20.EXE-1B5A890A.pf
O45 - LFCP:[MD5.50CC1AD84D6F6BC11D8572416662AC0F] - 21/09/2013 - 07:54:51 ---A- - C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf
O45 - LFCP:[MD5.AC7219C63DEC40109B197FBC8BE82EDC] - 21/09/2013 - 07:54:51 ---A- - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf
O45 - LFCP:[MD5.FFF6319CFD0805D78223B68D7AA41978] - 21/09/2013 - 07:54:51 ---A- - C:\WINDOWS\Prefetch\RNDLRESOLVERSVC.EXE-316056A9.pf
O45 - LFCP:[MD5.1EE2F086FADACA684DE2545D4002FB64] - 21/09/2013 - 07:54:51 ---A- - C:\WINDOWS\Prefetch\UPDATER.EXE-23F4D955.pf
O45 - LFCP:[MD5.80F0CB304C93B1F7672E09AEDABB8160] - 21/09/2013 - 07:54:51 ---A- - C:\WINDOWS\Prefetch\WMPNSCFG.EXE-18926138.pf
O45 - LFCP:[MD5.5F1F2848539D0F5F5B79568A71E6495E] - 21/09/2013 - 07:54:52 ---A- - C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf
O45 - LFCP:[MD5.AE7CCDD5DBBF8111B661FF1FBB80E6FC] - 21/09/2013 - 07:54:52 ---A- - C:\WINDOWS\Prefetch\WMIAPSRV.EXE-1E2270A5.pf
O45 - LFCP:[MD5.72BBDA78F44C7D6E732BD46DA7BC48F4] - 21/09/2013 - 07:54:52 ---A- - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf
O45 - LFCP:[MD5.4917356E74C29C335A69E753E3E0F1AD] - 21/09/2013 - 07:54:53 ---A- - C:\WINDOWS\Prefetch\WMPNETWK.EXE-2C0727AF.pf
O45 - LFCP:[MD5.00EF5E2DBBDEC0E0FAE0BB76BC7285A8] - 21/09/2013 - 07:54:54 ---A- - C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf
O45 - LFCP:[MD5.F547E57729A4CC9A1AE1BDF9BB188AB3] - 21/09/2013 - 07:56:33 ---A- - C:\WINDOWS\Prefetch\MBAM.EXE-0BEE0439.pf
O45 - LFCP:[MD5.5A8DACA6A91F6A000219565879BEB9AB] - 21/09/2013 - 07:56:33 ---A- - C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf
O45 - LFCP:[MD5.55F03781294A8A23E7709BB5E05F5C50] - 21/09/2013 - 07:58:30 ---A- - C:\WINDOWS\Prefetch\WINWORD.EXE-37F6AE09.pf
O45 - LFCP:[MD5.D12338A9FA781496C1B05BB5868AA784] - 21/09/2013 - 07:59:08 ---A- - C:\WINDOWS\Prefetch\WLLOGINPROXY.EXE-2D4B6027.pf
O45 - LFCP:[MD5.5C4F4C9B3C913483B05835AEC32CC187] - 21/09/2013 - 08:10:30 ---A- - C:\WINDOWS\Prefetch\RECORDINGMANAGER.EXE-3976887F.pf
O45 - LFCP:[MD5.FA5AE8375EFD7E38C11121CA023F099B] - 21/09/2013 - 08:18:01 ---A- - C:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-1E123D86.pf
O45 - LFCP:[MD5.5909C21D6D762AE420DED8BF81E3CCC5] - 21/09/2013 - 08:48:56 ---A- - C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf
O45 - LFCP:[MD5.6888A3B2C6A6FF000D148A6416B3695A] - 21/09/2013 - 08:57:11 ---A- - C:\WINDOWS\Prefetch\BABMAINT.EXE-024311E9.pf =>Hijacker.BabSolution
O45 - LFCP:[MD5.3E7856638ABD7A71293C27B194119F73] - 21/09/2013 - 09:06:00 ---A- - C:\WINDOWS\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-34BC5027.pf
O45 - LFCP:[MD5.65BB9D082A96B2B8A0FEACD02A2F5E02] - 21/09/2013 - 09:07:11 ---A- - C:\WINDOWS\Prefetch\RUNDLL32.EXE-14067AF7.pf
O45 - LFCP:[MD5.F8023E057BEC1CBBF0A52544D0850B6A] - 21/09/2013 - 09:09:56 ---A- - C:\WINDOWS\Prefetch\MPCMDRUN.EXE-1E628E9C.pf
O45 - LFCP:[MD5.AE75B9C0D45A3D6F77631C09750DFA2F] - 21/09/2013 - 09:10:03 ---A- - C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf
O45 - LFCP:[MD5.B51A9AE165C79615A56ABF521CE69EF9] - 21/09/2013 - 09:10:15 ---A- - C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf
O45 - LFCP:[MD5.E7833D0F8BC872C76B1AE1A20D94AA35] - 21/09/2013 - 09:12:00 ---A- - C:\WINDOWS\Prefetch\SC.EXE-012262AF.pf
O45 - LFCP:[MD5.7AFBFE6CC6B4DE708C816A60446990D5] - 21/09/2013 - 09:14:03 ---A- - C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
O45 - LFCP:[MD5.F60DD45D99A89E4D27D6C9D59C678520] - 21/09/2013 - 09:14:19 ---A- - C:\WINDOWS\Prefetch\SCHTASKS.EXE-0CBF6A11.pf
~ Prefetcher: 130 Scanned in 00mn 00s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\sessmgr.exe" [Disabled] .(.Microsoft Corporation.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Kazaa\kazaa.exe" [Enabled] .(...) -- C:\Program Files\Kazaa\kazaa.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Messenger\msmsgs.exe" [Enabled] .(.Microsoft Corporation.) -- C:\Program Files\Messenger\msmsgs.exe
O47 - AAKE:Key Export SP - "C:\Program Files\MSN Messenger\msnmsgr.exe" [Enabled] .(...) -- C:\Program Files\MSN Messenger\msnmsgr.exe (.not file.)
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\Bin\IncMail.exe" [Enabled] .(.IncrediMail, Ltd..) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\Bin\ImApp.exe" [Enabled] .(.IncrediMail, Ltd..) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\Bin\ImpCnt.exe" [Enabled] .(.IncrediMail, Ltd..) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Logitech\Vid HD\Vid.exe" [Enabled] .(.Logitech Inc..) -- C:\Program Files\Logitech\Vid HD\Vid.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe" [Enabled] .(.Apple Inc..) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Phone\Skype.exe" [Enabled] .(.Skype Technologies S.A..) -- C:\Program Files\Skype\Phone\Skype.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Anne\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" [Enabled] .(.Skype Limited.) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe
O47 - AAKE:Key Export SP - "C:\WINDOWS\explorer.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\explorer.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "C:\Program Files\MSN Messenger\msnmsgr.exe" [Enabled] .(...) -- C:\Program Files\MSN Messenger\msnmsgr.exe (.not file.)
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
~ Keys Export: 17 Scanned in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Service client pour le fournisseur NetWare et DLL d'authentification.) -- C:\WINDOWS\system32\nwprovau.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\WINDOWS\system32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Kerberos Security Package.) -- C:\WINDOWS\system32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\WINDOWS\system32\wdigest.dll
~ LSA: 7 Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\system32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\system32\Drivers\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\system32\Drivers\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\system32\Drivers\rdpdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\system32\Drivers\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\system32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)
~ CSB: 21 Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO:  Scanned in 00mn 00s



---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) -- C:\WINDOWS\system32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\system32\iccvid.dll
O52 - TDSD: \Drivers32\"VIDC.I420"="lvcodec2.dll" . (.Logitech Inc. - Video Codec.) -- C:\WINDOWS\system32\lvcodec2.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\system32\ir41_32.ax
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\system32\ir50_32.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \Drivers32\"VIDC.ACDV"="ACDV.dll" . (.ACD Systems - ACDV.) -- C:\WINDOWS\system32\ACDV.dll
O52 - TDSD: \Drivers32\"msacm.ac3filter"="ac3filter.acm" . (.Pas de propriétaire - ac3filter.) -- C:\WINDOWS\system32\ac3filter.acm
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"huffyuv.dll"="Huffyuv lossless codec [HFYU]" . (.Disappearing Inc. - Huffyuv lossless video codec.) -- C:\WINDOWS\system32\huffyuv.dll
O52 - TDSD: \drivers.desc\"vp6vfw.dll"="EA VP6 Codec" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\WINDOWS\system32\vp6vfw.dll
O52 - TDSD: \drivers.desc\"ac3filter.acm"="AC3Filter ACM codec" . (.Pas de propriétaire - ac3filter.) -- C:\WINDOWS\system32\ac3filter.acm
~ TDSD: 18 Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Adobe ARM  [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher  [Key] . (...) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\APSDaemon  [Key] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
O53 - SMSR:HKLM\...\startupreg\Bubble Dock  [Key] . (...) -- C:\Documents and Settings\Anne\Application Data\Nosibay\Bubble Dock\LBubble Dock.exe (.not file.) =>Toolbar.BubbleDock
O53 - SMSR:HKLM\...\startupreg\ctfmon.exe  [Key] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O53 - SMSR:HKLM\...\startupreg\EA Core  [Key] . (...) -- C:\Program Files\Electronic Arts\EADM\Core.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\EdenFlirt  [Key] . (...) -- C:\Program Files\Eden Flirt\EdenFlirt.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\HDAudDeck  [Key] . (.VIA Technologies, Inc. - HDeck MFC Application.) -- C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
O53 - SMSR:HKLM\...\startupreg\HP Component Manager  [Key] . (.Hewlett-Packard Company - HP Framework Component Manager Service.) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
O53 - SMSR:HKLM\...\startupreg\HP Software Update  [Key] . (.Hewlett-Packard - hpwuSchd.) -- C:\Program Files\HP\HP Software Update\HPWuSchd.exe
O53 - SMSR:HKLM\...\startupreg\Logitech Vid  [Key] . (.Logitech Inc. - Logitech Vid HD.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
O53 - SMSR:HKLM\...\startupreg\LWS  [Key] . (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
O53 - SMSR:HKLM\...\startupreg\Malwarebytes' Anti-Malware  [Key] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O53 - SMSR:HKLM\...\startupreg\MSC  [Key] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O53 - SMSR:HKLM\...\startupreg\StickyPassword  [Key] . (...) -- C:\Program Files\Sticky Password\stpass.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched  [Key] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O53 - SMSR:HKLM\...\startupreg\swg  [Key] . (...) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\TkBellExe  [Key] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\program files\real\realplayer\update\realsched.exe
O53 - SMSR:HKLM\...\startupreg\TomTomHOME.exe  [Key] . (...) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\UnlockerAssistant  [Key] . (...) -- C:\Documents and Settings\Anne\Bureau\Unlocker\UnlockerAssistant.exe
~ SMSR Keys: 21 Scanned in 00mn 00s



---\\ Enumération des clés de registre SecurityProviders (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
~ MSCP: 6 Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
~ MWPS: 6 Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1
~ MWPE Keys: 2 Scanned in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C719341A1CF6AFD4FA0808AE3D23D6A3] - 23/08/2010 - 17:41:05 ---A- . (.Oak Technology Inc. - Audio File System.) -- C:\WINDOWS\system32\Drivers\AFS2K.SYS   [43488]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys   [9037]
~ Drivers: 6 Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 18/09/2013 - 07:33:37 R--A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\Attachments\{7E20985A-FD84-477A-B400-BB3150BC8999}\ATTC9.txt   [168]
O61 - LFC: 18/09/2013 - 07:33:38 R--A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\Attachments\ATTCD.txt   [168]
O61 - LFC: 18/09/2013 - 07:33:39 R--A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\Attachments\ATTCE.txt   [168]
O61 - LFC: 18/09/2013 - 07:33:41 R--A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\Attachments\ATTCF.txt   [168]
O61 - LFC: 18/09/2013 - 07:59:36 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\C5JQTBA0\www.radars-auto[1].xml   [13]
O61 - LFC: 18/09/2013 - 08:04:59 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\X4ESP0CC\poitou-charentes.france3[1].xml   [13]
O61 - LFC: 18/09/2013 - 08:05:01 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\JVGH92WZ\disqus[1].xml   [927]
O61 - LFC: 18/09/2013 - 10:28:52 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\5JVOXNX6.txt   [714]
O61 - LFC: 18/09/2013 - 12:00:27 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\U1U92K28\news.radins[1].xml   [80]
O61 - LFC: 18/09/2013 - 12:14:25 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\XHU4LSPP.txt   [138]
O61 - LFC: 18/09/2013 - 12:28:04 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\SI1016R4.txt   [1862]
O61 - LFC: 18/09/2013 - 13:41:58 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\7B9F1QPD\www.aubergedecassagne[1].xml   [44209]
O61 - LFC: 18/09/2013 - 14:15:04 R--A- . (.pc.) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\Attachments\pommade_miracle.pps   [70144]
O61 - LFC: 18/09/2013 - 14:25:13 R--A- . (.ejamet-cp.) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\Attachments\282596_lande1.pps   [2043392]
O61 - LFC: 18/09/2013 - 14:45:10 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\MXGUXFWH.txt   [826]
O61 - LFC: 18/09/2013 - 14:45:48 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\X1Z0UW0R\catalogue.3m[1].xml   [13]
O61 - LFC: 18/09/2013 - 14:55:50 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\C5JQTBA0\fr.answers.yahoo[1].xml   [98] =>Toolbar.Yahoo
O61 - LFC: 18/09/2013 - 15:01:32 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\X4ESP0CC\www.bricozone[1].xml   [13]
O61 - LFC: 18/09/2013 - 17:21:37 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\8YUXS3KQ.txt   [308]
O61 - LFC: 18/09/2013 - 17:28:19 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\JVGH92WZ\dub119.mail.live[1].xml   [440]
O61 - LFC: 18/09/2013 - 17:29:08 -SHA- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\acrord32_sbx\Cookies\index.dat   [16384]
O61 - LFC: 18/09/2013 - 17:29:08 -SHA- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\acrord32_sbx\Fichiers Internet temporaires\Content.IE5\index.dat   [32768]
O61 - LFC: 18/09/2013 - 17:29:08 -SHA- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\acrord32_sbx\History\History.IE5\index.dat   [16384]
O61 - LFC: 18/09/2013 - 17:29:14 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Adobe\Acrobat\11.0\Cache\RdLang_rdlang32.fra   [12196864]
O61 - LFC: 18/09/2013 - 17:29:22 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Adobe\Acrobat\11.0\Security\services_rdrk.dat   [180]
O61 - LFC: 18/09/2013 - 17:29:24 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Adobe\Acrobat\11.0\Cache\RdLang_AcroForm.FRA   [1310720]
O61 - LFC: 18/09/2013 - 17:29:25 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Adobe\Acrobat\11.0\Cache\RdLang_DigSig.FRA   [311808]
O61 - LFC: 18/09/2013 - 17:29:25 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Adobe\Acrobat\11.0\Cache\RdLang_PPKLite.FRA   [1125376]
O61 - LFC: 18/09/2013 - 17:29:27 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Adobe\Acrobat\11.0\Cache\RdLang_Accessibility.FRA   [71168]
O61 - LFC: 18/09/2013 - 17:29:27 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Adobe\Acrobat\11.0\Cache\RdLang_EScript.FRA   [73728]
O61 - LFC: 18/09/2013 - 17:29:28 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Adobe\Acrobat\11.0\Cache\RdLang_Annots.FRA   [3030528]
O61 - LFC: 18/09/2013 - 17:29:29 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Adobe\Acrobat\11.0\UserCache.bin   [65201]
O61 - LFC: 18/09/2013 - 17:29:33 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Adobe\Acrobat\11.0\Cache\RdLang_SendMail.FRA   [60928]
O61 - LFC: 18/09/2013 - 17:29:41 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Adobe\Acrobat\11.0\Cache\AcroFnt11.lst   [8244]
O61 - LFC: 18/09/2013 - 17:29:51 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Adobe\Acrobat\11.0\Security\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl   [898]
O61 - LFC: 18/09/2013 - 17:29:51 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Adobe\Acrobat\11.0\Security\CRLCache\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl   [36163]
O61 - LFC: 18/09/2013 - 17:30:07 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Adobe\Acrobat\11.0\Cache\RdLang_Updater.FRA   [12800]
O61 - LFC: 18/09/2013 - 17:37:39 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\YTVC8H0X.txt   [186]
O61 - LFC: 18/09/2013 - 17:42:23 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\XKB3AWTB.txt   [292]
O61 - LFC: 18/09/2013 - 18:30:43 ---A- . (...) -- C:\Documents and Settings\Anne\Recent\assedic Sofia[1].pdf.lnk   [498]
O61 - LFC: 18/09/2013 - 18:30:45 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Adobe\Acrobat\11.0\Cache\RdLang_PDDom.FRA   [12800]
O61 - LFC: 18/09/2013 - 18:30:45 ---A- . (...) -- C:\Documents and Settings\Anne\Mes documents\assedic Sofia[1].pdf   [463543]
O61 - LFC: 18/09/2013 - 18:30:49 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Adobe\Acrobat\11.0\Security\services_rdr.dat   [10240]
O61 - LFC: 18/09/2013 - 18:30:49 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Adobe\Acrobat\11.0\Security\services_rdri.dat   [24152]
O61 - LFC: 18/09/2013 - 18:33:02 ---A- . (...) -- C:\Documents and Settings\Anne\Recent\TR sofia.zip.lnk   [303]
O61 - LFC: 18/09/2013 - 18:33:04 ---A- . (...) -- C:\Documents and Settings\Anne\Bureau\TR sofia.zip   [614967]
O61 - LFC: 18/09/2013 - 18:35:02 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Adobe\Acrobat\11.0\JSCache\GlobSettings   [24]
O61 - LFC: 18/09/2013 - 18:35:02 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Adobe\Acrobat\11.0\TMDocs.sav   [36]
O61 - LFC: 18/09/2013 - 18:35:02 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Adobe\Acrobat\11.0\TMGrpPrm.sav   [54]
O61 - LFC: 18/09/2013 - 18:35:02 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Adobe\Acrobat\11.0\SharedDataEvents   [3072]
O61 - LFC: 18/09/2013 - 22:23:53 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\OFFICE\Spotlight\111036.xml   [2044]
O61 - LFC: 18/09/2013 - 22:23:53 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\OFFICE\Spotlight\211036.xml   [482]
O61 - LFC: 18/09/2013 - 22:23:53 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\OFFICE\Spotlight\221036.xml   [489]
O61 - LFC: 18/09/2013 - 22:24:27 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\Office\PowerP11.pip   [1924]
O61 - LFC: 18/09/2013 - 22:24:27 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\PowerPoint\PPT11.pcb   [1839]
O61 - LFC: 18/09/2013 - 22:45:29 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\7B9F1QPD\www.hellocoton[1].xml   [13]
O61 - LFC: 18/09/2013 - 22:45:36 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\N2Y8C3TA.txt   [1206]
O61 - LFC: 18/09/2013 - 22:49:47 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\K3717G57.txt   [615]
O61 - LFC: 18/09/2013 - 23:25:00 ---A- . (...) -- C:\Documents and Settings\Anne\Recent\3103129449_1_3_F2YcEU72.jpg.lnk   [744]
O61 - LFC: 18/09/2013 - 23:25:04 ---A- . (...) -- C:\Documents and Settings\Anne\Recent\a homme sage.png.lnk   [689]
O61 - LFC: 18/09/2013 - 23:32:33 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\NU3MLB9W\fr.123rf[1].xml   [96]
O61 - LFC: 18/09/2013 - 23:34:42 ---A- . (...) -- C:\Documents and Settings\Anne\Recent\enfant-qui-joue-a-cache-cache.jpg.lnk   [774]
O61 - LFC: 18/09/2013 - 23:50:50 ---A- . (...) -- C:\Documents and Settings\Anne\Recent\Mes images.lnk   [442]
O61 - LFC: 18/09/2013 - 23:50:50 ---A- . (...) -- C:\Documents and Settings\Anne\Recent\a pages 1.png.lnk   [674]
O61 - LFC: 19/09/2013 - 08:26:06 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Sun\Java\Deployment\security\update.timestamp   [1]
O61 - LFC: 19/09/2013 - 09:56:53 R--A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\Attachments\colonie_de_vacances.mp4   [3164337]
O61 - LFC: 19/09/2013 - 09:57:02 R--A- . (.fredje.) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\Attachments\Les marocains et leur maison en Belgique.pps   [2001920]
O61 - LFC: 19/09/2013 - 09:57:06 R--A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\Attachments\SYRIE__INGERENCE_DELIBEREE_SOUS_PRETEXTE_DOUTEUX.pdf   [109997]
O61 - LFC: 19/09/2013 - 09:57:06 R--A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\Attachments\Syrie-Synthese-Nationale-de-Renseignement-.pdf   [82182]
O61 - LFC: 19/09/2013 - 09:57:11 R--A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\Attachments\MME JACQUES VERGES A PARIS.pdf   [112454]
O61 - LFC: 19/09/2013 - 09:57:15 R--A- . (.wim.) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\Attachments\3_blondes_a_la_plage_(18 ).pps   [155136]
O61 - LFC: 19/09/2013 - 09:57:43 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\Attachments\colonie_de_vacances.mp4_thumb.bmp   [24174]
O61 - LFC: 19/09/2013 - 09:58:29 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Real\Update\Update-log.txt   [20943]
O61 - LFC: 19/09/2013 - 10:02:15 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Real\Msg\Messages.dat   [349]
O61 - LFC: 19/09/2013 - 11:22:33 -SHA- . (...) -- C:\Documents and Settings\Anne\Mes documents\Mes images\Thumbs.db   [8471552]
O61 - LFC: 19/09/2013 - 11:22:37 -SHA- . (...) -- C:\Documents and Settings\Anne\Mes documents\Thumbs.db   [1778992]
O61 - LFC: 19/09/2013 - 11:22:52 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\Office\Récent\réapprendre à vivre.doc.lnk   [776]
O61 - LFC: 19/09/2013 - 11:37:19 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\X1Z0UW0R\wamiz[1].xml   [13]
O61 - LFC: 19/09/2013 - 14:12:41 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\C5JQTBA0\www.meubliz[1].xml   [13]
O61 - LFC: 19/09/2013 - 14:14:23 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\X4ESP0CC\forums.france5[1].xml   [13]
O61 - LFC: 19/09/2013 - 14:56:42 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\7B9F1QPD\sso.francetv[1].xml   [13]
O61 - LFC: 19/09/2013 - 18:02:08 ---A- . (...) -- C:\Documents and Settings\Anne\Recent\réapprendre à vivre.doc.lnk   [601]
O61 - LFC: 19/09/2013 - 18:02:22 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\Office\Récent\Houlà.doc.lnk   [704]
O61 - LFC: 19/09/2013 - 18:02:35 ---A- . (...) -- C:\Documents and Settings\Anne\Recent\Houlà.doc.lnk   [529]
O61 - LFC: 19/09/2013 - 18:03:02 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\Office\Récent\bat toi.doc.lnk   [716]
O61 - LFC: 19/09/2013 - 18:03:29 ---A- . (...) -- C:\Documents and Settings\Anne\Recent\bat toi.doc.lnk   [541]
O61 - LFC: 19/09/2013 - 18:03:51 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\Office\Récent\Je me sens tellement déchirée.doc.lnk   [826]
O61 - LFC: 19/09/2013 - 18:03:51 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\Office\Récent\Mes documents.lnk   [606]
O61 - LFC: 19/09/2013 - 18:03:51 --H-- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\Office\Récent\index.dat   [1764]
O61 - LFC: 19/09/2013 - 18:04:07 ---A- . (...) -- C:\Documents and Settings\Anne\Recent\Je me sens tellement déchirée.doc.lnk   [651]
O61 - LFC: 19/09/2013 - 18:04:23 ---A- . (...) -- C:\Documents and Settings\Anne\Bureau\Pensée positive du jour ! - Alexandra Julien- Thérapeute holistique et énergétique - Auteur.url   [3721]
O61 - LFC: 19/09/2013 - 18:05:17 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\QG2VYIBM.txt   [503]
O61 - LFC: 19/09/2013 - 18:05:17 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\SSY4IGNP.txt   [117]
O61 - LFC: 19/09/2013 - 18:07:35 ---A- . (...) -- C:\Documents and Settings\Anne\Recent\UN AMOUR PASSAGER___ - Alexandra Julien- Thérapeute holistique - Auteure.mht.lnk   [910]
O61 - LFC: 19/09/2013 - 18:07:49 ---A- . (...) -- C:\Documents and Settings\Anne\Mes documents\UN AMOUR PASSAGER___ - Alexandra Julien- Thérapeute holistique - Auteure.txt   [2782]
O61 - LFC: 19/09/2013 - 18:07:57 ---A- . (...) -- C:\Documents and Settings\Anne\Recent\UN AMOUR PASSAGER___ - Alexandra Julien- Thérapeute holistique - Auteure.txt.lnk   [866]
O61 - LFC: 20/09/2013 - 09:11:05 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\2JBXDQV3.txt   [558]
O61 - LFC: 20/09/2013 - 09:15:50 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\3H35GRUA.txt   [336]
O61 - LFC: 20/09/2013 - 09:15:50 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\AIALYDBP.txt   [412]
O61 - LFC: 20/09/2013 - 09:15:50 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\IMJQBBUK.txt   [565]
O61 - LFC: 20/09/2013 - 10:52:46 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img24.htm   [301]
O61 - LFC: 20/09/2013 - 10:53:06 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img25.htm   [301]
O61 - LFC: 20/09/2013 - 10:54:06 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img26.htm   [301]
O61 - LFC: 20/09/2013 - 11:08:07 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img29.htm   [301]
O61 - LFC: 20/09/2013 - 11:20:47 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img2A.htm   [301]
O61 - LFC: 20/09/2013 - 11:21:47 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img2B.htm   [301]
O61 - LFC: 20/09/2013 - 11:35:30 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img2F.htm   [301]
O61 - LFC: 20/09/2013 - 11:49:10 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img35.htm   [301]
O61 - LFC: 20/09/2013 - 12:01:30 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img36.htm   [301]
O61 - LFC: 20/09/2013 - 12:02:30 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img37.htm   [301]
O61 - LFC: 20/09/2013 - 12:15:50 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img3A.htm   [301]
O61 - LFC: 20/09/2013 - 12:16:50 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img3B.htm   [301]
O61 - LFC: 20/09/2013 - 12:29:30 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img3C.htm   [301]
O61 - LFC: 20/09/2013 - 12:30:30 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img3D.htm   [301]
O61 - LFC: 20/09/2013 - 12:42:50 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img3E.htm   [301]
O61 - LFC: 20/09/2013 - 12:43:10 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img3F.htm   [301]
O61 - LFC: 20/09/2013 - 12:44:10 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img40.htm   [301]
O61 - LFC: 20/09/2013 - 12:56:48 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img41.htm   [301]
O61 - LFC: 20/09/2013 - 12:57:49 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img42.htm   [301]
O61 - LFC: 20/09/2013 - 12:58:17 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img43.htm   [301]
O61 - LFC: 20/09/2013 - 13:11:07 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img44.htm   [301]
O61 - LFC: 20/09/2013 - 13:12:07 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img45.htm   [301]
O61 - LFC: 20/09/2013 - 13:24:59 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img48.htm   [301]
O61 - LFC: 20/09/2013 - 13:25:59 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img49.htm   [301]
O61 - LFC: 20/09/2013 - 13:38:19 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img4A.htm   [301]
O61 - LFC: 20/09/2013 - 13:38:37 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img4B.htm   [301]
O61 - LFC: 20/09/2013 - 13:39:37 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img4C.htm   [301]
O61 - LFC: 20/09/2013 - 13:51:57 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img4D.htm   [301]
O61 - LFC: 20/09/2013 - 13:52:57 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img4E.htm   [301]
O61 - LFC: 20/09/2013 - 13:53:37 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img4F.htm   [301]
O61 - LFC: 20/09/2013 - 14:06:18 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img50.htm   [301]
O61 - LFC: 20/09/2013 - 14:07:19 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img51.htm   [301]
O61 - LFC: 20/09/2013 - 14:19:57 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img52.htm   [301]
O61 - LFC: 20/09/2013 - 14:20:57 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img53.htm   [301]
O61 - LFC: 20/09/2013 - 14:33:17 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img54.htm   [301]
O61 - LFC: 20/09/2013 - 14:33:46 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img57.htm   [301]
O61 - LFC: 20/09/2013 - 14:34:46 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img58.htm   [301]
O61 - LFC: 20/09/2013 - 14:47:07 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img59.htm   [301]
O61 - LFC: 20/09/2013 - 14:48:07 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img5A.htm   [301]
O61 - LFC: 20/09/2013 - 14:48:45 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img5B.htm   [301]
O61 - LFC: 20/09/2013 - 15:01:28 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img5C.htm   [301]
O61 - LFC: 20/09/2013 - 15:02:28 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img5D.htm   [301]
O61 - LFC: 20/09/2013 - 15:15:08 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img5E.htm   [301]
O61 - LFC: 20/09/2013 - 15:16:08 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img5F.htm   [301]
O61 - LFC: 20/09/2013 - 15:28:28 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img60.htm   [301]
O61 - LFC: 20/09/2013 - 15:28:48 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img61.htm   [301]
O61 - LFC: 20/09/2013 - 15:29:48 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img62.htm   [301]
O61 - LFC: 20/09/2013 - 15:42:08 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img64.htm   [301]
O61 - LFC: 20/09/2013 - 15:43:08 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img65.htm   [301]
O61 - LFC: 20/09/2013 - 15:43:50 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img68.htm   [301]
O61 - LFC: 20/09/2013 - 15:56:29 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img6B.htm   [301]
O61 - LFC: 20/09/2013 - 15:57:29 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img6C.htm   [301]
O61 - LFC: 20/09/2013 - 16:10:09 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img6E.htm   [301]
O61 - LFC: 20/09/2013 - 16:11:09 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img6F.htm   [301]
O61 - LFC: 20/09/2013 - 16:23:29 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img70.htm   [301]
O61 - LFC: 20/09/2013 - 16:23:49 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img71.htm   [301]
O61 - LFC: 20/09/2013 - 16:24:49 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img72.htm   [301]
O61 - LFC: 20/09/2013 - 16:27:59 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imv74.htm   [78]
O61 - LFC: 20/09/2013 - 16:28:00 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Runtime\Message\{6E90D9F0-746A-4926-B074-9BAE29BDCCF5}\Show\ATT1.txt   [457]
O61 - LFC: 20/09/2013 - 16:28:00 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Runtime\Message\{6E90D9F0-746A-4926-B074-9BAE29BDCCF5}\Show\ATT2.htm   [49547]
O61 - LFC: 20/09/2013 - 16:28:01 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Runtime\Message\{6E90D9F0-746A-4926-B074-9BAE29BDCCF5}\Show\noScriptHtmlStrWithoutSource_block_7.htm   [103970]
O61 - LFC: 20/09/2013 - 16:28:38 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\RJ2L7O82.txt   [200]
O61 - LFC: 20/09/2013 - 16:37:21 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Adobe\Acrobat\11.0\ReaderMessages   [25600]
O61 - LFC: 20/09/2013 - 16:38:03 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img75.htm   [301]
O61 - LFC: 20/09/2013 - 16:39:03 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img76.htm   [301]
O61 - LFC: 20/09/2013 - 16:51:43 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img77.htm   [301]
O61 - LFC: 20/09/2013 - 16:52:23 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img78.htm   [301]
O61 - LFC: 20/09/2013 - 16:53:23 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img79.htm   [301]
O61 - LFC: 20/09/2013 - 17:05:43 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img7A.htm   [301]
O61 - LFC: 20/09/2013 - 17:06:43 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img7B.htm   [301]
O61 - LFC: 20/09/2013 - 17:07:23 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img7C.htm   [301]
O61 - LFC: 20/09/2013 - 17:20:03 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img7D.htm   [301]
O61 - LFC: 20/09/2013 - 17:21:03 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img7E.htm   [301]
O61 - LFC: 20/09/2013 - 17:33:43 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img7F.htm   [301]
O61 - LFC: 20/09/2013 - 17:34:43 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img80.htm   [301]
O61 - LFC: 20/09/2013 - 17:47:03 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img81.htm   [301]
O61 - LFC: 20/09/2013 - 17:47:23 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img82.htm   [301]
O61 - LFC: 20/09/2013 - 17:48:23 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img83.htm   [301]
O61 - LFC: 20/09/2013 - 17:51:43 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\VHCIU016.txt   [982]
O61 - LFC: 20/09/2013 - 17:59:13 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\X1Z0UW0R\www.promouton[1].xml   [13]
O61 - LFC: 20/09/2013 - 18:00:45 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img84.htm   [301]
O61 - LFC: 20/09/2013 - 18:01:45 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img85.htm   [301]
O61 - LFC: 20/09/2013 - 18:02:24 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img86.htm   [301]
O61 - LFC: 20/09/2013 - 18:04:25 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\C5JQTBA0\www.pecheur[1].xml   [13]
O61 - LFC: 20/09/2013 - 18:15:04 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img87.htm   [301]
O61 - LFC: 20/09/2013 - 18:15:37 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\X4ESP0CC\www.meyson[1].xml   [13]
O61 - LFC: 20/09/2013 - 18:16:05 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img88.htm   [301]
O61 - LFC: 20/09/2013 - 18:28:44 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img89.htm   [301]
O61 - LFC: 20/09/2013 - 18:29:44 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img8A.htm   [301]
O61 - LFC: 20/09/2013 - 18:42:04 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img8B.htm   [301]
O61 - LFC: 20/09/2013 - 18:42:24 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img8C.htm   [301]
O61 - LFC: 20/09/2013 - 18:43:24 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img8D.htm   [301]
O61 - LFC: 20/09/2013 - 18:55:44 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img8E.htm   [301]
O61 - LFC: 20/09/2013 - 18:56:44 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img8F.htm   [301]
O61 - LFC: 20/09/2013 - 18:57:24 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img90.htm   [301]
O61 - LFC: 20/09/2013 - 19:10:04 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img91.htm   [301]
O61 - LFC: 20/09/2013 - 19:11:04 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img92.htm   [301]
O61 - LFC: 20/09/2013 - 19:12:50 ---A- . (...) -- C:\Documents and Settings\Anne\Favoris\Liens\Candy Crush Saga sur Facebook.url   [1006]
O61 - LFC: 20/09/2013 - 19:23:45 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img94.htm   [301]
O61 - LFC: 20/09/2013 - 19:24:45 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img95.htm   [301]
O61 - LFC: 20/09/2013 - 19:37:05 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img96.htm   [301]
O61 - LFC: 20/09/2013 - 19:37:35 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img99.htm   [301]
O61 - LFC: 20/09/2013 - 19:38:35 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img9A.htm   [301]
O61 - LFC: 20/09/2013 - 19:50:56 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img9B.htm   [301]
O61 - LFC: 20/09/2013 - 19:51:56 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img9C.htm   [301]
O61 - LFC: 20/09/2013 - 19:52:34 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img9D.htm   [301]
O61 - LFC: 20/09/2013 - 20:05:17 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img9E.htm   [301]
O61 - LFC: 20/09/2013 - 20:06:17 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img9F.htm   [301]
O61 - LFC: 20/09/2013 - 20:18:57 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgA3.htm   [301]
O61 - LFC: 20/09/2013 - 20:19:57 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgA4.htm   [301]
O61 - LFC: 20/09/2013 - 20:32:17 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgA5.htm   [301]
O61 - LFC: 20/09/2013 - 20:32:35 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgA6.htm   [301]
O61 - LFC: 20/09/2013 - 20:33:35 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgA7.htm   [301]
O61 - LFC: 20/09/2013 - 20:45:56 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgA8.htm   [301]
O61 - LFC: 20/09/2013 - 20:46:56 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgA9.htm   [301]
O61 - LFC: 20/09/2013 - 20:47:36 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgAA.htm   [301]
O61 - LFC: 20/09/2013 - 20:56:50 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\GK98NAKF.txt   [1490]
O61 - LFC: 20/09/2013 - 21:00:16 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgAB.htm   [301]
O61 - LFC: 20/09/2013 - 21:00:59 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\JVGH92WZ\www.youtube[1].xml   [1138]
O61 - LFC: 20/09/2013 - 21:01:16 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgAC.htm   [301]
O61 - LFC: 20/09/2013 - 21:13:56 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgAD.htm   [301]
O61 - LFC: 20/09/2013 - 21:14:56 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgAE.htm   [301]
O61 - LFC: 20/09/2013 - 21:16:15 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvB0.htm   [78]
O61 - LFC: 20/09/2013 - 21:16:21 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvB1.htm   [78]
O61 - LFC: 20/09/2013 - 21:16:26 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvB2.htm   [78]
O61 - LFC: 20/09/2013 - 21:16:30 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvB3.htm   [78]
O61 - LFC: 20/09/2013 - 21:16:33 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvB4.htm   [78]
O61 - LFC: 20/09/2013 - 21:16:38 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvB5.htm   [78]
O61 - LFC: 20/09/2013 - 21:16:41 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvB6.htm   [78]
O61 - LFC: 20/09/2013 - 21:16:43 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvB7.htm   [78]
O61 - LFC: 20/09/2013 - 21:16:45 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvB8.htm   [78]
O61 - LFC: 20/09/2013 - 21:16:46 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvB9.htm   [78]
O61 - LFC: 20/09/2013 - 21:16:50 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvBA.htm   [78]
O61 - LFC: 20/09/2013 - 21:17:01 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvBB.htm   [78]
O61 - LFC: 20/09/2013 - 21:17:05 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvBC.htm   [78]
O61 - LFC: 20/09/2013 - 21:17:06 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvBD.htm   [78]
O61 - LFC: 20/09/2013 - 21:17:09 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvBE.htm   [78]
O61 - LFC: 20/09/2013 - 21:17:10 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvBF.htm   [78]
O61 - LFC: 20/09/2013 - 21:17:13 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvC0.htm   [78]
O61 - LFC: 20/09/2013 - 21:17:18 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvC1.htm   [78]
O61 - LFC: 20/09/2013 - 21:17:21 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvC2.htm   [78]
O61 - LFC: 20/09/2013 - 21:32:03 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgC3.htm   [301]
O61 - LFC: 20/09/2013 - 21:33:03 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgC4.htm   [301]
O61 - LFC: 20/09/2013 - 21:45:44 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgC7.htm   [301]
O61 - LFC: 20/09/2013 - 21:46:23 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgC8.htm   [301]
O61 - LFC: 20/09/2013 - 21:47:23 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgC9.htm   [301]
O61 - LFC: 20/09/2013 - 21:54:41 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\2659C1A560AB92C9C29D4B2B25815AE8   [542]
O61 - LFC: 20/09/2013 - 21:54:41 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\5781E92BE36651A8ED64685F2F3CF507   [2316]
O61 - LFC: 20/09/2013 - 21:54:41 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\C86BD7751D53F10F65AAAD66BBDF33C7   [955]
O61 - LFC: 20/09/2013 - 21:54:41 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\2659C1A560AB92C9C29D4B2B25815AE8   [146]
O61 - LFC: 20/09/2013 - 21:54:41 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\5781E92BE36651A8ED64685F2F3CF507   [110]
O61 - LFC: 20/09/2013 - 21:54:41 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\C86BD7751D53F10F65AAAD66BBDF33C7   [140]
O61 - LFC: 20/09/2013 - 21:54:52 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\1B749B72855CB97BF2F58675617C9BF9   [576]
O61 - LFC: 20/09/2013 - 21:54:52 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\3130B1871A126520A8C47861EFE3ED4D   [552]
O61 - LFC: 20/09/2013 - 21:54:52 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD   [813]
O61 - LFC: 20/09/2013 - 21:54:52 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\1B749B72855CB97BF2F58675617C9BF9   [162]
O61 - LFC: 20/09/2013 - 21:54:52 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\3130B1871A126520A8C47861EFE3ED4D   [132]
O61 - LFC: 20/09/2013 - 21:54:52 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\696F3DE637E6DE85B458996D49D759AD   [156]
O61 - LFC: 20/09/2013 - 21:54:53 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\B8CC409ACDBF2A2FE04C56F2875B1FD6   [561]
O61 - LFC: 20/09/2013 - 21:54:53 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\B8CC409ACDBF2A2FE04C56F2875B1FD6   [134]
O61 - LFC: 20/09/2013 - 21:55:04 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\7396C420A8E1BC1DA97F1AF0D10BAD21   [554]
O61 - LFC: 20/09/2013 - 21:55:04 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\7396C420A8E1BC1DA97F1AF0D10BAD21   [168]
O61 - LFC: 20/09/2013 - 21:55:16 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8   [341]
O61 - LFC: 20/09/2013 - 21:55:16 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165   [413]
O61 - LFC: 20/09/2013 - 21:55:16 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8   [126]
O61 - LFC: 20/09/2013 - 21:55:16 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165   [98]
O61 - LFC: 20/09/2013 - 21:55:17 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5   [571]
O61 - LFC: 20/09/2013 - 21:55:17 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5   [136]
O61 - LFC: 20/09/2013 - 21:55:22 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\0797C381B2F87EB5A1D5573BD15BA4F4   [37213]
O61 - LFC: 20/09/2013 - 21:55:22 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\0797C381B2F87EB5A1D5573BD15BA4F4   [132]
O61 - LFC: 20/09/2013 - 21:55:24 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6   [109585]
O61 - LFC: 20/09/2013 - 21:55:24 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA   [477]
O61 - LFC: 20/09/2013 - 21:55:24 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6   [124]
O61 - LFC: 20/09/2013 - 21:55:24 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA   [116]
O61 - LFC: 20/09/2013 - 21:55:25 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\A1377F7115F1F126A15360369B165211   [597]
O61 - LFC: 20/09/2013 - 21:55:25 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\A1377F7115F1F126A15360369B165211   [142]
O61 - LFC: 20/09/2013 - 21:55:26 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\12236C41CDDF9E40BA5606CDF086B821   [145805]
O61 - LFC: 20/09/2013 - 21:55:26 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\12236C41CDDF9E40BA5606CDF086B821   [114]
O61 - LFC: 20/09/2013 - 21:55:35 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\B69D763EB21649DA26F20618312DEE70   [75397]
O61 - LFC: 20/09/2013 - 21:55:35 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\B69D763EB21649DA26F20618312DEE70   [128]
O61 - LFC: 20/09/2013 - 21:55:39 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\1F356F4D07FE8C483E769E4586569404   [50597]
O61 - LFC: 20/09/2013 - 21:55:39 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\3B6E683A7A45CC59BF035C9BA8C7AB9D   [494]
O61 - LFC: 20/09/2013 - 21:55:39 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\1F356F4D07FE8C483E769E4586569404   [126]
O61 - LFC: 20/09/2013 - 21:55:39 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\3B6E683A7A45CC59BF035C9BA8C7AB9D   [132]
O61 - LFC: 20/09/2013 - 21:55:41 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\616AD1AB067CFD351D6C0EF6F3E12F40   [534]
O61 - LFC: 20/09/2013 - 21:55:41 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\F234AF16A662E2448E049CAD14C6D675   [68159]
O61 - LFC: 20/09/2013 - 21:55:41 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\616AD1AB067CFD351D6C0EF6F3E12F40   [134]
O61 - LFC: 20/09/2013 - 21:55:41 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\F234AF16A662E2448E049CAD14C6D675   [130]
O61 - LFC: 20/09/2013 - 21:59:44 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgCE.htm   [301]
O61 - LFC: 20/09/2013 - 22:00:30 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\7B9F1QPD\www.generation-nt[1].xml   [13]
O61 - LFC: 20/09/2013 - 22:00:44 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgCF.htm   [301]
O61 - LFC: 20/09/2013 - 22:01:23 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgD0.htm   [301]
O61 - LFC: 20/09/2013 - 22:10:01 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\FSKPO3CO.txt   [250]
O61 - LFC: 20/09/2013 - 22:10:03 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\NU3MLB9W\www.commentcamarche[1].xml   [230]
O61 - LFC: 20/09/2013 - 22:11:02 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\I249BKDW.txt   [980]
O61 - LFC: 20/09/2013 - 22:11:03 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\9A4BA30E.txt   [208]
O61 - LFC: 20/09/2013 - 22:14:03 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgD2.htm   [301]
O61 - LFC: 20/09/2013 - 22:15:03 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgD3.htm   [301]
O61 - LFC: 20/09/2013 - 22:27:56 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\0\prefs.js   [107]
O61 - LFC: 20/09/2013 - 22:30:29 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Runtime\Message\{42CC92DA-1E6C-4B27-8CDB-C391A34ADCDA}\Show\noScriptHtmlStrWithoutSource_Prev_9.htm   [9986]
O61 - LFC: 20/09/2013 - 22:30:29 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imv1.htm   [78]
O61 - LFC: 20/09/2013 - 22:30:50 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\IMSys\{D48362CB-0E8B-4A1D-A360-C34C11220108}\234x60_gg_upgrade_to_gold[1].swf   [26786]
O61 - LFC: 20/09/2013 - 22:30:50 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\IMSys\{D48362CB-0E8B-4A1D-A360-C34C11220108}\234x60_plus_get_more[1].swf   [16131]
O61 - LFC: 20/09/2013 - 22:30:51 ---A- . (...) -- C:\Documents and Settings\Anne\Bureau\AdwCleaner[S0].txt   [16782]
O61 - LFC: 20/09/2013 - 22:31:19 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\IMSys\{D48362CB-0E8B-4A1D-A360-C34C11220108}\234x60_potection_center_inbox[1].swf   [11896]
O61 - LFC: 20/09/2013 - 22:31:49 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\IMSys\{D48362CB-0E8B-4A1D-A360-C34C11220108}\234x60_premium_full_service[1].swf   [22448]
O61 - LFC: 20/09/2013 - 22:32:19 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\IMSys\{D48362CB-0E8B-4A1D-A360-C34C11220108}\234x60_premium_gives_more_chubycons[1].swf   [13108]
O61 - LFC: 20/09/2013 - 22:32:19 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\IMSys\{D48362CB-0E8B-4A1D-A360-C34C11220108}\234x60_red_remove_ad_plus[1].swf   [17241]
O61 - LFC: 20/09/2013 - 22:32:49 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\IMSys\{D48362CB-0E8B-4A1D-A360-C34C11220108}\234x60_plus_incredibackup[1].swf   [11810]
O61 - LFC: 20/09/2013 - 22:32:50 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\IMSys\{D48362CB-0E8B-4A1D-A360-C34C11220108}\234x60_gg_1000s_best_email_bg[1].swf   [48443]
O61 - LFC: 20/09/2013 - 22:33:19 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\IMSys\{D48362CB-0E8B-4A1D-A360-C34C11220108}\incredimail_left_gold_234x60[1].swf   [30464]
O61 - LFC: 20/09/2013 - 22:33:20 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\IMSys\{D48362CB-0E8B-4A1D-A360-C34C11220108}\incredimail_left2_gold_234x60[1].swf   [14435]
O61 - LFC: 20/09/2013 - 22:33:38 ---A- . (...) -- C:\Documents and Settings\Anne\Recent\AdwCleaner[S0].txt.lnk   [505]
O61 - LFC: 20/09/2013 - 22:33:49 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\IMSys\{D48362CB-0E8B-4A1D-A360-C34C11220108}\234x60_potection_center_spam[1].swf   [12911]
O61 - LFC: 20/09/2013 - 22:33:50 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\IMSys\{D48362CB-0E8B-4A1D-A360-C34C11220108}\gg_mx[1].swf   [40197]
O61 - LFC: 20/09/2013 - 22:34:19 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\IMSys\{D48362CB-0E8B-4A1D-A360-C34C11220108}\234x60_gold_necktie[1].swf   [5948]
O61 - LFC: 20/09/2013 - 22:37:24 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img2.htm   [301]
O61 - LFC: 20/09/2013 - 22:38:24 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img3.htm   [301]
O61 - LFC: 20/09/2013 - 22:40:11 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\813GH8ZQ.txt   [353]
O61 - LFC: 20/09/2013 - 22:42:15 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\OFFICE\ONetConfig\5688be17396c5d076e96b7f4c5068b80.sig   [128]
O61 - LFC: 20/09/2013 - 22:42:15 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\OFFICE\ONetConfig\5688be17396c5d076e96b7f4c5068b80.xml   [2063]
O61 - LFC: 20/09/2013 - 22:42:23 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\Office\Word11.pip   [1904]
O61 - LFC: 20/09/2013 - 22:56:12 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img8.htm   [301]
O61 - LFC: 20/09/2013 - 22:56:54 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img9.htm   [301]
O61 - LFC: 20/09/2013 - 22:56:58 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\X1Z0UW0R\rec.ipsosinteractive[1].xml   [13]
O61 - LFC: 20/09/2013 - 23:00:07 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\C5JQTBA0\www.pcastuces[1].xml   [13]
O61 - LFC: 20/09/2013 - 23:01:52 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\CDD4ED8C-BAB0-7891-8550-0865FA8D8C7F\Latest\latest.zpb   [361398]
O61 - LFC: 20/09/2013 - 23:01:55 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\CDD4ED8C-BAB0-7891-8550-0865FA8D8C7F\Latest\bab138.deltatb_dmn.zpb   [254] =>Toolbar.DeltaSearch
O61 - LFC: 20/09/2013 - 23:01:55 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\CDD4ED8C-BAB0-7891-8550-0865FA8D8C7F\Latest\bab457.TB_NewWay.dat   [173]
O61 - LFC: 20/09/2013 - 23:01:56 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\CDD4ED8C-BAB0-7891-8550-0865FA8D8C7F\Latest\bab098.claroico.zpb   [953]
O61 - LFC: 20/09/2013 - 23:01:56 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\CDD4ED8C-BAB0-7891-8550-0865FA8D8C7F\Latest\bab149.spreg.zpb   [299]
O61 - LFC: 20/09/2013 - 23:01:58 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\CDD4ED8C-BAB0-7891-8550-0865FA8D8C7F\Latest\BUsolution_vt.zpb   [199480]
O61 - LFC: 20/09/2013 - 23:01:59 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\CDD4ED8C-BAB0-7891-8550-0865FA8D8C7F\Latest\GUninstaller_cat.zpb   [139448]
O61 - LFC: 20/09/2013 - 23:02:01 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\CDD4ED8C-BAB0-7891-8550-0865FA8D8C7F\Latest\ccp.zpb   [229228]
O61 - LFC: 20/09/2013 - 23:02:03 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\CDD4ED8C-BAB0-7891-8550-0865FA8D8C7F\Latest\DSearchLink_DT.zpb   [54481] =>Toolbar.DeltaSearch
O61 - LFC: 20/09/2013 - 23:02:05 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\CDD4ED8C-BAB0-7891-8550-0865FA8D8C7F\Latest\DeltaChromeTB.zpb   [79850]
O61 - LFC: 20/09/2013 - 23:02:35 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\CDD4ED8C-BAB0-7891-8550-0865FA8D8C7F\Latest\DeltaTB.zpb   [1681832] =>Toolbar.DeltaSearch
O61 - LFC: 20/09/2013 - 23:02:39 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Google\Chrome\User Data\Default\ChromePreferences   [16519]
O61 - LFC: 20/09/2013 - 23:02:50 ---A- . (...) -- C:\Documents and Settings\Anne\Menu Démarrer\Programmes\BitGuard\Uninstall BitGuard.lnk   [1353] =>PUP.BitGuard
O61 - LFC: 20/09/2013 - 23:03:06 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Babylon\log_file.txt   [3665] =>Toolbar.Babylon
O61 - LFC: 20/09/2013 - 23:03:51 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch   [25620]
O61 - LFC: 20/09/2013 - 23:03:57 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\X4ESP0CC\downloadsprint[1].xml   [13]
O61 - LFC: 20/09/2013 - 23:05:11 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\X4ESP0CC\www2.delta-search[1].xml   [2168] =>Toolbar.DeltaSearch
O61 - LFC: 20/09/2013 - 23:09:51 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\7B9F1QPD\download.cnet[1].xml   [13]
O61 - LFC: 20/09/2013 - 23:10:12 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img21.htm   [301]
O61 - LFC: 20/09/2013 - 23:11:14 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img22.htm   [301]
O61 - LFC: 20/09/2013 - 23:11:58 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img23.htm   [301]
O61 - LFC: 20/09/2013 - 23:18:14 ---A- . (...) -- C:\Documents and Settings\Anne\UserData\index.dat   [32768]
O61 - LFC: 20/09/2013 - 23:19:04 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\N3UMW192.txt   [81]
O61 - LFC: 20/09/2013 - 23:23:36 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\4JTTK6I8.txt   [202]
O61 - LFC: 20/09/2013 - 23:23:38 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\HI293WPL.txt   [90]
O61 - LFC: 20/09/2013 - 23:24:04 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\75M8YXZ3.txt   [243]
O61 - LFC: 20/09/2013 - 23:24:29 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\9IF4JWN3.txt   [662]
O61 - LFC: 20/09/2013 - 23:24:41 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img27.htm   [301]
O61 - LFC: 20/09/2013 - 23:25:41 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img28.htm   [301]
O61 - LFC: 20/09/2013 - 23:38:07 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imv2C.htm   [78]
O61 - LFC: 20/09/2013 - 23:38:11 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Runtime\Message\{D1775AFA-6811-42C9-9AA8-7D149B7EC8B0}\Show\noScriptHtmlStrWithoutSource_block_7.htm   [28778]
O61 - LFC: 20/09/2013 - 23:38:13 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img2D.htm   [301]
O61 - LFC: 20/09/2013 - 23:39:13 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img2E.htm   [301]
O61 - LFC: 20/09/2013 - 23:40:20 ---A- . (.Malwarebytes Corporation.) -- C:\Documents and Settings\Anne\Bureau\mbam-setup-17501300.exe   [10285040]
O61 - LFC: 20/09/2013 - 23:47:49 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\AZ093DZT.txt   [578]
O61 - LFC: 20/09/2013 - 23:47:52 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\2Z6WCJ2Q.txt   [540]
O61 - LFC: 20/09/2013 - 23:47:53 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\XX7NZE56.txt   [98]
O61 - LFC: 20/09/2013 - 23:49:53 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\WPYJ9MRH.txt   [349]
O61 - LFC: 20/09/2013 - 23:53:45 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img33.htm   [301]
O61 - LFC: 20/09/2013 - 23:54:47 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img34.htm   [301]
O61 - LFC: 21/09/2013 - 00:07:19 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img38.htm   [301]
O61 - LFC: 21/09/2013 - 00:08:20 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img39.htm   [301]
O61 - LFC: 21/09/2013 - 00:14:55 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2013-09-21 (00-52-51).txt   [2254]
O61 - LFC: 21/09/2013 - 00:14:55 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\4379520594.data   [740]
O61 - LFC: 21/09/2013 - 00:14:55 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\4379520594.quar   [522240]
O61 - LFC: 21/09/2013 - 00:16:47 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\AddressBook\AddrBook.db3   [536576]
O61 - LFC: 21/09/2013 - 00:16:47 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\AddressBook\AddrBook.db3.bak   [536576]
O61 - LFC: 21/09/2013 - 00:19:36 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Runtime\Message\{22B56D8B-51F0-4388-87B9-7C7B18DF576C}\Show\noScriptHtmlStrWithoutSource_Prev_9.htm   [9986]
O61 - LFC: 21/09/2013 - 00:19:37 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvE.htm   [78]
O61 - LFC: 21/09/2013 - 00:19:41 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\IMSys\{09839FAD-7FFF-417F-9614-D1B5C38A7C08}\101\incredicenter_v2.bmp   [5348]
O61 - LFC: 21/09/2013 - 00:30:31 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temporary Internet Files\SuggestedSites.dat   [5242991]
O61 - LFC: 21/09/2013 - 00:30:36 ----- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\imsl.dat   [13713]
O61 - LFC: 21/09/2013 - 00:30:36 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Real\rnadmin\rnsystem.dat   [861]
O61 - LFC: 21/09/2013 - 00:30:36 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\AccountsOrder.dat   [40]
O61 - LFC: 21/09/2013 - 07:53:41 -SHA- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\Credentials\S-1-5-21-1960408961-1214440339-1417001333-1002\Credentials   [948]
O61 - LFC: 21/09/2013 - 07:53:59 -SHA- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\Internet Explorer\Desktop.htt   [3344]
O61 - LFC: 21/09/2013 - 07:54:02 -SHA- . (...) -- C:\Documents and Settings\Anne\Local Settings\Historique\History.IE5\MSHist012013092120130922\index.dat   [49152]
O61 - LFC: 21/09/2013 - 07:54:34 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\JFZCM38I.txt   [235]
O61 - LFC: 21/09/2013 - 07:54:34 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\OTS4KPB3.txt   [798]
O61 - LFC: 21/09/2013 - 07:54:38 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\content.xml   [13186]
O61 - LFC: 21/09/2013 - 07:54:44 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\398EE64D66758B5715368AA94044B13A   [1614]
O61 - LFC: 21/09/2013 - 07:54:44 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\398EE64D66758B5715368AA94044B13A   [110]
O61 - LFC: 21/09/2013 - 07:54:53 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Runtime\Message\{EBA857E6-E1B7-4D7A-9A77-B9ECFD1B28D9}\Show\noScriptHtmlStrWithoutSource_Prev_9.htm   [9986]
O61 - LFC: 21/09/2013 - 07:54:53 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imv2.htm   [78]
O61 - LFC: 21/09/2013 - 07:57:20 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\QDQEHLLO.txt   [371]
O61 - LFC: 21/09/2013 - 07:57:51 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\106UCRP1.txt   [428]
O61 - LFC: 21/09/2013 - 07:58:32 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\1Z1LDRHA.txt   [85]
O61 - LFC: 21/09/2013 - 07:58:32 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\OFFICE\Spotlight\01036.xml   [527]
O61 - LFC: 21/09/2013 - 07:58:32 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\OFFICE\Spotlight\201036.xml   [488]
O61 - LFC: 21/09/2013 - 07:58:42 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\QRUA4DIM.txt   [486]
O61 - LFC: 21/09/2013 - 07:59:02 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\0U5LR893.txt   [63]
O61 - LFC: 21/09/2013 - 07:59:02 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\GMAVC25B.txt   [64]
O61 - LFC: 21/09/2013 - 07:59:03 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\5GB17IMY.txt   [217]
O61 - LFC: 21/09/2013 - 07:59:09 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\BQ516QCX.txt   [117]
O61 - LFC: 21/09/2013 - 07:59:09 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\LMRIFEV7.txt   [198]
O61 - LFC: 21/09/2013 - 07:59:12 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\L0BPYU2H.txt   [443]
O61 - LFC: 21/09/2013 - 07:59:12 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\PR4TZ7DE.txt   [130]
O61 - LFC: 21/09/2013 - 07:59:12 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\Y4J90Q95.txt   [414]
O61 - LFC: 21/09/2013 - 07:59:15 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\C5JQTBA0\dub111.mail.live[1].xml   [317]
O61 - LFC: 21/09/2013 - 07:59:17 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\XONXLH54.txt   [249]
O61 - LFC: 21/09/2013 - 07:59:18 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\YP1J919Y.txt   [295]
O61 - LFC: 21/09/2013 - 07:59:37 ----- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\Deleted Items.imm   [2313578533]
O61 - LFC: 21/09/2013 - 08:00:02 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\8WKEMEIX.txt   [1153]
O61 - LFC: 21/09/2013 - 08:00:03 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\U1U92K28\secure.shared.live[1].xml   [563]
O61 - LFC: 21/09/2013 - 08:01:41 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\frameiconcache.dat   [7126]
O61 - LFC: 21/09/2013 - 08:07:59 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgA.htm   [301]
O61 - LFC: 21/09/2013 - 08:09:06 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imgB.htm   [301]
O61 - LFC: 21/09/2013 - 08:10:51 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D7386ED9-228C-11E3-AA92-406186901049}.dat   [3584]
O61 - LFC: 21/09/2013 - 08:11:01 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\F7374744-733C-4964-B5A8-A2A998E29A0C_data.bak   [0]
O61 - LFC: 21/09/2013 - 08:11:19 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\EP3A047Z\fr-fr.facebook[1].xml   [572]
O61 - LFC: 21/09/2013 - 08:11:44 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\JVGH92WZ\www.facebook[1].xml   [2192]
O61 - LFC: 21/09/2013 - 08:11:47 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\EP3A047Z\apps.facebook[1].xml   [326]
O61 - LFC: 21/09/2013 - 08:12:04 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cc1.midasplayer.com\settings.sol   [89]
O61 - LFC: 21/09/2013 - 08:12:04 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol   [569]
O61 - LFC: 21/09/2013 - 08:12:26 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Macromedia\Flash Player\#SharedObjects\JK4L5XT7\cc1.midasplayer.com\swf\CCMain.swf\pwf_movesPop.sol   [76]
O61 - LFC: 21/09/2013 - 08:12:57 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Macromedia\Flash Player\#SharedObjects\JK4L5XT7\cc1.midasplayer.com\swf\CCMain.swf\pwf_giveHelp.sol   [126]
O61 - LFC: 21/09/2013 - 08:13:52 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Macromedia\Flash Player\#SharedObjects\JK4L5XT7\cc1.midasplayer.com\swf\CCMain.swf\giveLifeX.sol   [100]
O61 - LFC: 21/09/2013 - 08:13:53 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\WN7V7RH8.txt   [733]
O61 - LFC: 21/09/2013 - 08:22:39 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\imvF.htm   [78]
O61 - LFC: 21/09/2013 - 08:22:40 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Runtime\Message\{81ED8AB5-9EA8-4724-977A-59F93D1D745E}\Show\noScriptHtmlStrWithoutSource_block_7.htm   [32896]
O61 - LFC: 21/09/2013 - 08:22:46 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img10.htm   [301]
O61 - LFC: 21/09/2013 - 08:23:46 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img11.htm   [301]
O61 - LFC: 21/09/2013 - 08:24:58 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\BB8J30SC.txt   [88]
O61 - LFC: 21/09/2013 - 08:25:01 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\Y2S52RN7.txt   [225]
O61 - LFC: 21/09/2013 - 08:25:30 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\ZREY0OXH.txt   [421]
O61 - LFC: 21/09/2013 - 08:26:08 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB   [341]
O61 - LFC: 21/09/2013 - 08:26:08 -S-A- . (...) -- C:\Documents and Settings\Anne\Application Data\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB   [122]
O61 - LFC: 21/09/2013 - 08:26:10 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\00000838T8SETUP.EXE   [9628040]
O61 - LFC: 21/09/2013 - 08:26:15 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\0\extensions\8hffxtbr@Allin1Convert_8h.com\bootstrap.js   [20480] =>Adware.Allin1Convert
O61 - LFC: 21/09/2013 - 08:26:15 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\0\extensions\8hffxtbr@Allin1Convert_8h.com\chrome.manifest   [1024] =>Adware.Allin1Convert
O61 - LFC: 21/09/2013 - 08:26:15 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\extensions\extensions\8hffxtbr@Allin1Convert_8h.com\bootstrap.js   [20480] =>Adware.Allin1Convert
O61 - LFC: 21/09/2013 - 08:26:15 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\extensions\extensions\8hffxtbr@Allin1Convert_8h.com\chrome.manifest   [1024] =>Adware.Allin1Convert
O61 - LFC: 21/09/2013 - 08:26:16 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\0\extensions\8hffxtbr@Allin1Convert_8h.com\install.rdf   [2048] =>Adware.Allin1Convert
O61 - LFC: 21/09/2013 - 08:26:16 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\extensions\extensions\8hffxtbr@Allin1Convert_8h.com\install.rdf   [2048] =>Adware.Allin1Convert
O61 - LFC: 21/09/2013 - 08:26:25 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\0\extensions\8hffxtbr@Allin1Convert_8h.com\chrome\8hffxtbr.jar   [548864] =>Adware.Allin1Convert
O61 - LFC: 21/09/2013 - 08:26:25 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\0\extensions\8hffxtbr@Allin1Convert_8h.com\installKeys.js   [230] =>Adware.Allin1Convert
O61 - LFC: 21/09/2013 - 08:26:25 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\extensions\extensions\8hffxtbr@Allin1Convert_8h.com\chrome\8hffxtbr.jar   [548864] =>Adware.Allin1Convert
O61 - LFC: 21/09/2013 - 08:26:25 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\extensions\extensions\8hffxtbr@Allin1Convert_8h.com\installKeys.js   [230] =>Adware.Allin1Convert
O61 - LFC: 21/09/2013 - 08:26:40 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\3INZVJ22.txt   [644]
O61 - LFC: 21/09/2013 - 08:26:40 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\EWVSGSCE.txt   [571]
O61 - LFC: 21/09/2013 - 08:26:41 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\Q24RSTWW.txt   [458]
O61 - LFC: 21/09/2013 - 08:26:42 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\AU8DLVSL.txt   [1235]
O61 - LFC: 21/09/2013 - 08:26:42 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\OXHBPZBC.txt   [115]
O61 - LFC: 21/09/2013 - 08:26:43 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\B65JPYBR.txt   [205]
O61 - LFC: 21/09/2013 - 08:26:43 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\O5005AKK.txt   [110]
O61 - LFC: 21/09/2013 - 08:26:44 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\HESFWBL1.txt   [481]
O61 - LFC: 21/09/2013 - 08:26:44 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\UMQVDAUM.txt   [224]
O61 - LFC: 21/09/2013 - 08:26:48 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{26335395-228F-11E3-AA92-406186901049}.dat   [4096]
O61 - LFC: 21/09/2013 - 08:26:50 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\C5JQTBA0\www.akaqa[1].xml   [13]
O61 - LFC: 21/09/2013 - 08:26:59 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F595E06C-228E-11E3-AA92-406186901049}.dat   [46080]
O61 - LFC: 21/09/2013 - 08:27:39 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E6D5538D-228E-11E3-AA92-406186901049}.dat   [81920]
O61 - LFC: 21/09/2013 - 08:28:19 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6137E96E-228F-11E3-AA92-406186901049}.dat   [4096]
O61 - LFC: 21/09/2013 - 08:28:49 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A552F6A8-228E-11E3-AA92-406186901049}.dat   [62464]
O61 - LFC: 21/09/2013 - 08:34:41 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Allin1Convert_8h\UrlFolderExtension.uf1   [2366] =>Adware.Allin1Convert
O61 - LFC: 21/09/2013 - 08:34:41 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Allin1Convert_8h\UrlFolderExtension.ufm   [2366] =>Adware.Allin1Convert
O61 - LFC: 21/09/2013 - 08:38:13 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Runtime\Message\{81ED8AB5-9EA8-4724-977A-59F93D1D745E}\Show\noScriptHtmlStrWithoutSource_7.htm   [33038]
O61 - LFC: 21/09/2013 - 08:38:31 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CA650560-2290-11E3-AA92-406186901049}.dat   [14336]
O61 - LFC: 21/09/2013 - 08:40:56 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\8W8HXSRU.txt   [213]
O61 - LFC: 21/09/2013 - 08:40:56 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\G7ZGYEC0.txt   [418]
O61 - LFC: 21/09/2013 - 08:41:58 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{469D4A85-2291-11E3-AA92-406186901049}.dat   [3584]
O61 - LFC: 21/09/2013 - 08:42:04 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\ZNOGL6T0.txt   [603]
O61 - LFC: 21/09/2013 - 08:42:05 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\AYU8TMUJ.txt   [572]
O61 - LFC: 21/09/2013 - 08:42:35 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4D780D44-2291-11E3-AA92-406186901049}.dat   [7168]
O61 - LFC: 21/09/2013 - 08:43:52 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\0OG1BJPN.txt   [182]
O61 - LFC: 21/09/2013 - 08:43:54 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\2EDMAZHT.txt   [112]
O61 - LFC: 21/09/2013 - 08:44:12 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\6Q2SKDAD.txt   [73]
O61 - LFC: 21/09/2013 - 08:44:33 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\D7HIDMWU.txt   [420]
O61 - LFC: 21/09/2013 - 08:45:07 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img15.htm   [301]
O61 - LFC: 21/09/2013 - 08:45:33 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9B2DB2B5-2291-11E3-AA92-406186901049}.dat   [4096]
O61 - LFC: 21/09/2013 - 08:45:56 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\25192X32.txt   [569]
O61 - LFC: 21/09/2013 - 08:46:02 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{12A588CC-2291-11E3-AA92-406186901049}.dat   [88576]
O61 - LFC: 21/09/2013 - 08:46:07 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img16.htm   [301]
O61 - LFC: 21/09/2013 - 08:46:09 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\ZKC8QD3T.txt   [570]
O61 - LFC: 21/09/2013 - 08:46:15 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\JYZ0WNPB.txt   [459]
O61 - LFC: 21/09/2013 - 08:46:27 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DE514B1E-2291-11E3-AA92-406186901049}.dat   [11776]
O61 - LFC: 21/09/2013 - 08:46:55 -SHA- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat   [1179648]
O61 - LFC: 21/09/2013 - 08:46:56 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\OASU9PHE.txt   [500]
O61 - LFC: 21/09/2013 - 08:47:00 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\0F94KC6U.txt   [946]
O61 - LFC: 21/09/2013 - 08:47:00 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\U2DAU8K2.txt   [298]
O61 - LFC: 21/09/2013 - 08:47:00 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\U59UO5K6.txt   [71]
O61 - LFC: 21/09/2013 - 08:47:00 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\X4ESP0CC\d.recomendedsite[1].xml   [13]
O61 - LFC: 21/09/2013 - 08:47:02 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\QKA0L0R4.txt   [127]
O61 - LFC: 21/09/2013 - 08:47:03 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\0723PXU4.txt   [537]
O61 - LFC: 21/09/2013 - 08:47:03 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\NR0FID4L.txt   [494]
O61 - LFC: 21/09/2013 - 08:47:03 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\X1Z0UW0R\telechargement.zebulon[1].xml   [307]
O61 - LFC: 21/09/2013 - 08:47:04 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\X2Y7ZF7N.txt   [153]
O61 - LFC: 21/09/2013 - 08:47:35 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\1DSXNR04.txt   [93]
O61 - LFC: 21/09/2013 - 08:47:35 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\FZCIOYXD.txt   [86]
O61 - LFC: 21/09/2013 - 08:47:39 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\68IZ31ZQ.txt   [909]
O61 - LFC: 21/09/2013 - 08:48:19 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FC4E5F26-2291-11E3-AA92-406186901049}.dat   [77312]
O61 - LFC: 21/09/2013 - 08:48:57 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\U1U92K28\www.google[1].xml   [1269]
O61 - LFC: 21/09/2013 - 08:50:53 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\UPV0TTKU.txt   [76]
O61 - LFC: 21/09/2013 - 08:51:38 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{87341E5A-2292-11E3-AA92-406186901049}.dat   [3584]
O61 - LFC: 21/09/2013 - 08:52:38 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4449BE60-2292-11E3-AA92-406186901049}.dat   [28672]
O61 - LFC: 21/09/2013 - 08:52:38 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{AA32C7A0-228B-11E3-AA92-406186901049}.dat   [3584]
O61 - LFC: 21/09/2013 - 08:52:38 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{C890559E-2292-11E3-AA92-406186901049}.dat   [27136]
O61 - LFC: 21/09/2013 - 08:54:23 ----- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\Inbox.imm   [1155229161]
O61 - LFC: 21/09/2013 - 08:54:24 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\F7374744-733C-4964-B5A8-A2A998E29A0C_data.msg   [0]
O61 - LFC: 21/09/2013 - 08:54:24 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\Containers.db   [61626368]
O61 - LFC: 21/09/2013 - 08:54:40 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexH\index_k_34230.ix   [131072]
O61 - LFC: 21/09/2013 - 08:54:41 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexH\index_d_1.ix   [7536640]
O61 - LFC: 21/09/2013 - 08:54:41 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexH\index_di_1.ix   [262144]
O61 - LFC: 21/09/2013 - 08:54:41 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexH\index_i_34230.ix   [137659]
O61 - LFC: 21/09/2013 - 08:54:41 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexH\index_kl_1.ix   [12238848]
O61 - LFC: 21/09/2013 - 08:54:41 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexH\index_klh_34230.ix   [1210]
O61 - LFC: 21/09/2013 - 08:54:41 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexH\index_r_1.ix   [13657035]
O61 - LFC: 21/09/2013 - 08:54:41 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexH\index_v.ix   [308]
O61 - LFC: 21/09/2013 - 08:54:42 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexH\history.ix   [1034733]
O61 - LFC: 21/09/2013 - 08:54:42 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexH\imit.dat   [566272]
O61 - LFC: 21/09/2013 - 08:54:42 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexH\indexlog.dat   [2778]
O61 - LFC: 21/09/2013 - 08:54:48 -SHA- . (...) -- C:\Documents and Settings\Anne\IECompatCache\index.dat   [147456]
O61 - LFC: 21/09/2013 - 08:54:48 -SHA- . (...) -- C:\Documents and Settings\Anne\IETldCache\index.dat   [262144]
O61 - LFC: 21/09/2013 - 08:54:48 -SHA- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat   [16384]
O61 - LFC: 21/09/2013 - 08:54:48 -SHA- . (...) -- C:\Documents and Settings\Anne\PrivacIE\index.dat   [16187392]
O61 - LFC: 21/09/2013 - 08:54:49 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{15FE7482-2293-11E3-AA92-406186901049}.dat   [4096]
O61 - LFC: 21/09/2013 - 08:58:50 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img1A.htm   [301]
O61 - LFC: 21/09/2013 - 08:59:31 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img1B.htm   [301]
O61 - LFC: 21/09/2013 - 08:59:50 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexB\index_d_1.ix   [7340032]
O61 - LFC: 21/09/2013 - 08:59:50 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexB\index_di_1.ix   [262144]
O61 - LFC: 21/09/2013 - 08:59:50 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexB\index_k_8360.ix   [131072]
O61 - LFC: 21/09/2013 - 08:59:51 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexB\index_i_8360.ix   [34134]
O61 - LFC: 21/09/2013 - 08:59:51 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexB\index_r_1.ix   [46269475]
O61 - LFC: 21/09/2013 - 08:59:56 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexB\history.ix   [940989]
O61 - LFC: 21/09/2013 - 08:59:56 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexB\index_kl_1.ix   [21192704]
O61 - LFC: 21/09/2013 - 08:59:56 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexB\index_klh_8360.ix   [7034]
O61 - LFC: 21/09/2013 - 08:59:56 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexB\index_v.ix   [303]
O61 - LFC: 21/09/2013 - 08:59:56 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexB\indexlog.dat   [2812]
O61 - LFC: 21/09/2013 - 08:59:57 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\IM\Identities\{FB161A90-B182-4939-83A6-7A663DA95C78}\Message Store\IndexB\imit.dat   [613376]
O61 - LFC: 21/09/2013 - 09:00:31 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img1C.htm   [301]
O61 - LFC: 21/09/2013 - 09:01:15 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\2OE0OR9D.txt   [256]
O61 - LFC: 21/09/2013 - 09:03:55 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Google\Chrome\User Data\Default\Chrome Web Data   [83968]
O61 - LFC: 21/09/2013 - 09:03:55 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data   [83968]
O61 - LFC: 21/09/2013 - 09:04:48 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\SEMGKFCU.txt   [101]
O61 - LFC: 21/09/2013 - 09:05:24 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\EC3KV7DK.txt   [1280]
O61 - LFC: 21/09/2013 - 09:07:11 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage   [3072]
O61 - LFC: 21/09/2013 - 09:07:11 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences   [16519]
O61 - LFC: 21/09/2013 - 09:07:11 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\avgchrome\avgp   [16519]
O61 - LFC: 21/09/2013 - 09:09:37 ---A- . (...) -- C:\Documents and Settings\Anne\Application Data\Haako\wuday.uzy   [2947]
O61 - LFC: 21/09/2013 - 09:10:22 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\index.dat   [524288]
O61 - LFC: 21/09/2013 - 09:10:22 -SHA- . (...) -- C:\Documents and Settings\Anne\Local Settings\Historique\History.IE5\index.dat   [2736128]
O61 - LFC: 21/09/2013 - 09:11:51 ---A- . (...) -- C:\Documents and Settings\Anne\Cookies\H8N4O9S0.txt   [938]
O61 - LFC: 21/09/2013 - 09:13:02 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img1E.htm   [301]
O61 - LFC: 21/09/2013 - 09:14:02 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img1F.htm   [301]
O61 - LFC: 21/09/2013 - 09:14:41 ---A- . (...) -- C:\Documents and Settings\Anne\Local Settings\Temp\IM\img20.htm   [301]
~ 187 Fichiers temporaires (Temporary files)
~ 90 Fichiers cookies (Cookies files)
~ Files: 550 Scanned in 02mn 19s



---\\ Fichiers Alternate Data Stream (ADS) (O62)
O62 - ADS:Alternate Data Stream File - C:\WINDOWS\system32\Drivers\pijxylta.sys:changelist
~ ADS:  Scanned in 00mn 01s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS:  Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 20/09/2013 - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (AdobeFlashPlayerUpdateSvc)  .(.Adobe Systems Incorporated - Adobe® Flash® Player Update Service 11.8 r8.) - LEGACY_ADOBEFLASHPLAYERUPDATESVC
O64 - Services: CurCS - 17/08/2011 - C:\WINDOWS\system32\drivers\afd.sys (AFD)  .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\alg.exe (ALG)  .(.Microsoft Corporation - Application Layer Gateway Service.) - LEGACY_ALG
O64 - Services: CurCS - 21/09/2013 - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe (Allin1Convert_8hService)  .(.COMPANYVERS_NAME - PRODUCTVERS_TITLE.) - LEGACY_ALLIN1CONVERT_8HSERVICE =>Adware.Allin1Convert
O64 - Services: CurCS - 24/10/2011 - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Mobile Device)  .(.Apple Inc. - MobileDeviceService.) - LEGACY_APPLE_MOBILE_DEVICE
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (AppMgmt)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_APPMGMT
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (AudioSrv)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_AUDIOSRV
O64 - Services: CurCS - 10/09/2013 - Pas de propriétaire (BitGuard)  .(...) - LEGACY_BITGUARD =>PUP.BitGuard
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (BITS)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_BITS
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (Browser)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_BROWSER
O64 - Services: CurCS - 25/07/2008 - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (clr_optimization_v2.0.50727_32)  .(.Microsoft Corporation - .NET Runtime Optimization Service.) - LEGACY_CLR_OPTIMIZATION_V2.0.50727_32
O64 - Services: CurCS - 18/03/2010 - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (clr_optimization_v4.0.30319_32)  .(.Microsoft Corporation - .NET Runtime Optimization Service.) - LEGACY_CLR_OPTIMIZATION_V4.0.30319_32
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\dllhost.exe (COMSysApp)  .(.Microsoft Corporation - COM Surrogate.) - LEGACY_COMSYSAPP
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (CryptSvc)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_CRYPTSVC
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (Dhcp)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DHCP
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\dmadmin.exe (dmadmin)  .(.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - LEGACY_DMADMIN
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\drivers\dmboot.sys (dmboot)  .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (dmserver)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DMSERVER
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (Dnscache)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DNSCACHE
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (ERSvc)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_ERSVC
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (EventSystem)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_EVENTSYSTEM
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (FastUserSwitchingCompatibility)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_FASTUSERSWITCHINGCOMPATIBILITY
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\DRIVERS\fltMgr.sys (FltMgr)  .(.Microsoft Corporation - Microsoft Filesystem Filter Manager.) - LEGACY_FLTMGR
O64 - Services: CurCS - 29/07/2008 - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (FontCache3.0.0.0)  .(.Microsoft Corporation - PresentationFontCache.exe.) - LEGACY_FONTCACHE3.0.0.0
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\DRIVERS\msgpc.sys (Gpc)  .(.Microsoft Corporation - MS General Packet Classifier.) - LEGACY_GPC
O64 - Services: CurCS - 14/11/2011 - C:\Program Files\Google\Update\GoogleUpdate.exe (gupdate)  .(.Google Inc. - Programme d'installation de Google.) - LEGACY_GUPDATE
O64 - Services: CurCS - 14/11/2011 - C:\Program Files\Google\Update\GoogleUpdate.exe (gupdatem)  .(.Google Inc. - Programme d'installation de Google.) - LEGACY_GUPDATEM
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (helpsvc)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HELPSVC
O64 - Services: CurCS - 20/10/2009 - C:\WINDOWS\system32\Drivers\HTTP.sys (HTTP)  .(.Microsoft Corporation - HTTP Protocol Stack.) - LEGACY_HTTP
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (HTTPFilter)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HTTPFILTER
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\imapi.exe (ImapiService)  .(.Microsoft Corporation - API Image Mastering.) - LEGACY_IMAPISERVICE
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys (IpFilterDriver)  .(.Microsoft Corporation - IP FILTER DRIVER.) - LEGACY_IPFILTERDRIVER
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\DRIVERS\ipnat.sys (IpNat)  .(.Microsoft Corporation - IP Network Address Translator.) - LEGACY_IPNAT
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\DRIVERS\ipsec.sys (IPSec)  .(.Microsoft Corporation - IPSec Driver.) - LEGACY_IPSEC
O64 - Services: CurCS - 04/04/2013 - C:\Program Files\Java\jre7\bin\jqs.exe (JavaQuickStarterService)  .(.Oracle Corporation - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (LanmanServer)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANSERVER
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (LanmanWorkstation)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANWORKSTATION
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (LmHosts)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LMHOSTS
O64 - Services: CurCS - 07/05/2010 - Pas de propriétaire (LVPr2Mon)  .(...) - LEGACY_LVPR2MON
O64 - Services: CurCS - 07/05/2010 - C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcSrv.exe (LVPrcSrv)  .(.Logitech Inc. -  LVPrcSrv Module..) - LEGACY_LVPRCSRV
O64 - Services: CurCS - 04/04/2013 - C:\windows\system32\drivers\mbam.sys (MBAMProtector)  .(.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - LEGACY_MBAMPROTECTOR
O64 - Services: CurCS - 04/04/2013 - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (MBAMScheduler)  .(.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - LEGACY_MBAMSCHEDULER
O64 - Services: CurCS - 04/04/2013 - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (MBAMService)  .(.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - LEGACY_MBAMSERVICE
O64 - Services: CurCS - 21/09/2013 - C:\windows\system32\drivers\mbamswissarmy.sys (MBAMSwissArmy)  .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMSWISSARMY
O64 - Services: CurCS - 18/06/2013 - C:\WINDOWS\system32\DRIVERS\MpFilter.sys (MpFilter)  .(.Microsoft Corporation - Microsoft antimalware file system filter dr.) - LEGACY_MPFILTER
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\DRIVERS\mrxdav.sys (MRxDAV)  .(.Microsoft Corporation - Windows NT WebDav Minirdr.) - LEGACY_MRXDAV
O64 - Services: CurCS - 15/07/2011 - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys (MRxSmb)  .(.Microsoft Corporation - Windows NT SMB Minirdr.) - LEGACY_MRXSMB
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\msdtc.exe (MSDTC)  .(.Microsoft Corporation - MS DTC console program.) - LEGACY_MSDTC
O64 - Services: CurCS - 02/01/1601 - Pas de propriétaire (MSICDSetup)  .(...) - LEGACY_MSICDSETUP
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\msiexec.exe (MSIServer)  .(.Microsoft Corporation - Windows® installer.) - LEGACY_MSISERVER
O64 - Services: CurCS - 20/06/2013 - C:\Program Files\Microsoft Security Client\MsMpEng.exe (MsMpSvc)  .(.Microsoft Corporation - Antimalware Service Executable.) - LEGACY_MSMPSVC
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (MSMQ)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_MSMQ
O64 - Services: CurCS - 21/04/2011 - C:\WINDOWS\system32\Drivers\Mup.sys (Mup)  .(.Microsoft Corporation - Multiple UNC Provider driver.) - LEGACY_MUP
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\Drivers\NDIS.sys (NDIS)  .(.Microsoft Corporation - NDIS 5.1 wrapper driver.) - LEGACY_NDIS
O64 - Services: CurCS - 08/07/2011 - C:\WINDOWS\system32\DRIVERS\ndistapi.sys (NdisTapi)  .(.Microsoft Corporation - NDIS 3.0 connection wrapper driver.) - LEGACY_NDISTAPI
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\DRIVERS\ndisuio.sys (Ndisuio)  .(.Microsoft Corporation - NDIS User mode I/O Driver.) - LEGACY_NDISUIO
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\DRIVERS\netbios.sys (NetBIOS)  .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\DRIVERS\netbt.sys (NetBT)  .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (Netman)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NETMAN
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (Nla)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NLA
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (NtmsSvc)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NTMSSVC
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (NWCWorkstation)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NWCWORKSTATION
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys (NwlnkIpx)  .(.Microsoft Corporation - NWLINK2 IPX Protocol Driver.) - LEGACY_NWLNKIPX
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\DRIVERS\nwlnknb.sys (NwlnkNb)  .(.Microsoft Corporation - NWLINK2 IPX Netbios Protocol Driver.) - LEGACY_NWLNKNB
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys (NwlnkSpx)  .(.Microsoft Corporation - NWLINK2 SPX Protocol Driver.) - LEGACY_NWLNKSPX
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\DRIVERS\nwrdr.sys (NWRDR)  .(.Microsoft Corporation - NetWare Redirector File System Driver.) - LEGACY_NWRDR
O64 - Services: CurCS - 28/07/2003 - C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.exe (ose)  .(.Microsoft Corporation - Office Source Engine.) - LEGACY_OSE
O64 - Services: CurCS - 05/01/2004 - C:\WINDOWS\system32\HPZipm12.exe (Pml Driver HPZ12)  .(.HP - PML Driver.) - LEGACY_PML_DRIVER_HPZ12
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\lsass.exe (PolicyAgent)  .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_POLICYAGENT
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\lsass.exe (ProtectedStorage)  .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_PROTECTEDSTORAGE
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\DRIVERS\rasacd.sys (RasAcd)  .(.Microsoft Corporation - RAS Automatic Connection Driver.) - LEGACY_RASACD
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (RasMan)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_RASMAN
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\DRIVERS\rdbss.sys (Rdbss)  .(.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - LEGACY_RDBSS
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\DRIVERS\RDPCDD.sys (RDPCDD)  .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD
O64 - Services: CurCS - 16/04/2013 - Pas de propriétaire (RealNetworks Downloader Resolver Service)  .(...) - LEGACY_REALNETWORKS_DOWNLOADER_RESOLVER_SERVICE
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (RemoteRegistry)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_REMOTEREGISTRY
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\rsvp.exe (RSVP)  .(.Microsoft Corporation - Microsoft RSVP.) - LEGACY_RSVP
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\lsass.exe (SamSs)  .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_SAMSS
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (Schedule)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SCHEDULE
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (seclogon)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SECLOGON
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (SENS)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SENS
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (SharedAccess)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SHAREDACCESS
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (ShellHWDetection)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SHELLHWDETECTION
O64 - Services: CurCS - 19/04/2013 - C:\Program Files\Skype\Updater\Updater.exe (SkypeUpdate)  .(.Skype Technologies - Skype Updater Service.) - LEGACY_SKYPEUPDATE
O64 - Services: CurCS - 17/08/2010 - C:\WINDOWS\system32\spoolsv.exe (Spooler)  .(.Microsoft Corporation - Spooler SubSystem App.) - LEGACY_SPOOLER
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\DRIVERS\sr.sys (sr)  .(.Microsoft Corporation - Pilote de filtre de système de fichiers pou.) - LEGACY_SR
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (srservice)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SRSERVICE
O64 - Services: CurCS - 17/02/2011 - C:\WINDOWS\system32\DRIVERS\srv.sys (Srv)  .(.Microsoft Corporation - Server driver.) - LEGACY_SRV
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (SSDPSRV)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SSDPSRV
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (stisvc)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_STISVC
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (TapiSrv)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_TAPISRV
O64 - Services: CurCS - 20/06/2008 - C:\WINDOWS\system32\DRIVERS\tcpip.sys (Tcpip)  .(.Microsoft Corporation - TCP/IP Protocol Driver.) - LEGACY_TCPIP
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (Themes)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_THEMES
O64 - Services: CurCS - 22/04/2011 - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTomHOMEService)  .(.TomTom - Windows Service for TomTom HOME.) - LEGACY_TOMTOMHOMESERVICE
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (TrkWks)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_TRKWKS
O64 - Services: CurCS - 04/07/2010 - Pas de propriétaire (UnlockerDriver5)  .(...) - LEGACY_UNLOCKERDRIVER5
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (upnphost)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_UPNPHOST
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\drivers\vga.sys (VgaSave)  .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (W32Time)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_W32TIME
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\DRIVERS\wanarp.sys (Wanarp)  .(.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - LEGACY_WANARP
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (WebClient)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WEBCLIENT
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (winmgmt)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WINMGMT
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\wbem\wmiapsrv.exe (WmiApSrv)  .(.Microsoft Corporation - Service de la carte de performance WMI.) - LEGACY_WMIAPSRV
O64 - Services: CurCS - 04/02/2009 - C:\Program Files\Windows Media Player\WMPNetwk.exe (WMPNetworkSvc)  .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows M.) - LEGACY_WMPNETWORKSVC
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (wscsvc)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WSCSVC
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (wuauserv)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WUAUSERV
O64 - Services: CurCS - 28/09/2006 - C:\WINDOWS\system32\DRIVERS\WudfPf.sys (WudfPf)  .(.Microsoft Corporation - Windows Driver Foundation - User-mode Drive.) - LEGACY_WUDFPF
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (WudfSvc)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WUDFSVC
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (WZCSVC)  .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WZCSVC
~ Legacy: 311 Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.html> <htmlfile>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe
~ FASS Keys: 17 Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Delta Search) - http://www2.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {75b4241f-171e-44a3-bf44-23613b6e3e03} - (Ask Web Search) - http://search.tb.ask.com
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar
~ Keys:  Scanned in 00mn 00s



---\\ Enumère les service demarrés par Svchost (SSS) (O83)
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Service Installation de logiciels.) -- C:\WINDOWS\system32\appmgmts.dll   [176640]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\WINDOWS\system32\audiosrv.dll   [42496]
O83 - Search Svchost Services: Browser (Browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\system32\browser.dll   [78336]
O83 - Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) -- C:\WINDOWS\system32\cryptsvc.dll   [62464]
O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - DLL Service gestionnaire de disque logique.) -- C:\WINDOWS\system32\dmserver.dll   [24576]
O83 - Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation - Service client DHCP.) -- C:\WINDOWS\system32\dhcpcsvc.dll   [127488]
O83 - Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation - Windows Error Reporting Service.) -- C:\WINDOWS\system32\ersvc.dll   [23040]
O83 - Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation - Pas de description.) -- C:\WINDOWS\system32\es.dll   [253952]
O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\system32\shsvcs.dll   [135680]
O83 - Search Svchost Services: HidServ (HidServ) . (...) -- C:\WINDOWS\system32\hidserv.dll   [0]
O83 - Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\system32\srvsvc.dll   [99840]
O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) -- C:\WINDOWS\system32\wkssvc.dll   [132096]
O83 - Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation - NT Messenger Service.) -- C:\WINDOWS\system32\msgsvc.dll   [33792]
O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Gestionnaire de connexions réseau.) -- C:\WINDOWS\system32\netman.dll   [198144]
O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll   [247808]
O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Gestionnaire de stockage amovible.) -- C:\WINDOWS\system32\ntmssvc.dll   [438272]
O83 - Search Svchost Services: NWCWorkstation (NWCWorkstation) . (.Microsoft Corporation - Client Service for Netware.) -- C:\WINDOWS\system32\nwwks.dll   [65536]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\system32\rasauto.dll   [88576]
O83 - Search Svchost Services: MSMQ (MSMQ) . (...) -- C:\WINDOWS\system32\RMCAST.dll   [0]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\system32\rasmans.dll   [186368]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\system32\mprdim.dll   [53248]
O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Moteur du Planificateur de tâches.) -- C:\WINDOWS\system32\schedsvc.dll   [194560]
O83 - Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation - DLL de service d'ouverture de session secondaire.) -- C:\WINDOWS\system32\seclogon.dll   [18944]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\system32\sens.dll   [39424]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l'application d'assistance à Microsoft NAT.) -- C:\WINDOWS\system32\ipnathlp.dll   [332800]
O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - Service de restauration du système.) -- C:\WINDOWS\system32\srsvc.dll   [171520]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows(TM).) -- C:\WINDOWS\system32\tapisrv.dll   [249856]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\system32\shsvcs.dll   [135680]
O83 - Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation - Distributed Link Tracking Client.) -- C:\WINDOWS\system32\trkwks.dll   [90112]
O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Service de temps Windows.) -- C:\WINDOWS\system32\w32time.dll   [178176]
O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Service configuration automatique sans fil.) -- C:\WINDOWS\system32\wzcsvc.dll   [483840]
O83 - Search Svchost Services: Wmi (Wmi) . (.Microsoft Corporation - API avancées Windows 32.) -- C:\WINDOWS\system32\advapi32.dll   [685568]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll   [145408]
O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- C:\WINDOWS\system32\wscsvc.dll   [80896]
O83 - Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation - Network Provisioning Service.) -- C:\WINDOWS\system32\xmlprov.dll   [129024]
O83 - Search Svchost Services: napagent (napagent) . (.Microsoft Corporation - Exécution du service Agent de quarantaine.) -- C:\WINDOWS\system32\qagentrt.dll   [293376]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\WINDOWS\system32\kmsvc.dll   [61440]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\WINDOWS\system32\qmgr.dll   [409088]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update AutoUpdate Service.) -- C:\WINDOWS\system32\wuauserv.dll   [6656]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\system32\shsvcs.dll   [135680]
O83 - Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation - Microsoft PCHealth Service Holder.) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll   [38400]
~ Services: 41 Scanned in 00mn 01s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.E29FE0500B9D3921571C6FEB7745AB08] [SPRF][24/05/2011] (...) -- C:\Documents and Settings\Anne\Local Settings\Application Data\fusioncache.dat   [127]
[MD5.DB47C082B8B3B7A6D4480237E634477D] [SPRF][14/11/2010] (...) -- C:\Documents and Settings\Anne\Application Data\{F7D92AAA-C97A-488c-BC14-C061CF39647F}.dat   [32]
[MD5.683FDD3D773C58B262DC07CD0C6CE938] [SPRF][20/09/2013] (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Documents and Settings\Anne\Bureau\mbam-setup-17501300.exe   [10285040]
[MD5.0BF4D271D4E57A3B2E52CD0C7E5A082E] [SPRF][20/10/2010] (...) -- C:\Program Files\lame_enc.dll   [162304]
~ Files: 4 Scanned in 00mn 02s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "00002109020090400000000000F01FEC" . (.Compatibility Pack for the 2007 Office system.) -- C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
O90 - PUC: "000021090200C0400000000000F01FEC" . (.Module de compatibilité pour Microsoft Office System 2007.) -- C:\WINDOWS\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
O90 - PUC: "160231E2A87C4D848A99D1319B1D98AF" . (.Memories Disc Creator 2.0.) -- C:\WINDOWS\Installer\{2E132061-C78A-48D4-A899-1D13B9D189FA}\HewlettPackard_0002ICON.exe
O90 - PUC: "1D034B0FAA6BD374B960AAD30DF10D8B" . (.Microsoft SQL Server 2005 Compact Edition [ENU].) -- C:\WINDOWS\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}\ProductIcon
O90 - PUC: "243493A986A4ABE4586A555B954F7E00" . (.Microsoft .NET Framework 1.1 French Language Pack.) -- C:\WINDOWS\Installer\{9A394342-4A68-4EBA-85A6-55B559F4E700}\ndpsetup.ico
O90 - PUC: "41DC8ECD5FBF46449B4A1EE87453647C" . (.Assistant de connexion Windows Live.) -- C:\WINDOWS\Installer\{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}\prodicon.ico
O90 - PUC: "46B5A9879DD95AB419A50FCFA0B1B7EF" . (.Apple Software Update.) -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\Installer.ico
O90 - PUC: "68267DD57EB949849A099E509EA18C81" . (.Windows Live Mail.) -- C:\WINDOWS\Installer\{5DD76286-9BE7-4894-A990-E905E91AC818}\wlmail.exe
O90 - PUC: "68AB67CA7DA76301B744BA0000000010" . (.Adobe Reader XI (11.0.04) - Français.) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico
O90 - PUC: "82D6625F2B0E0314FB5CEE51A55D41CD" . (.Apple Application Support.) -- C:\WINDOWS\Installer\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}\WinInstall.ico
O90 - PUC: "907018673D7AD86419761A87C0E167C6" . (.Windows Live FolderShare.) -- C:\WINDOWS\Installer\{76810709-A7D3-468D-9167-A1780C1E766C}\FolderShare48x48.ico
O90 - PUC: "96740EE14C1960A4297BCFFA6EABDB9D" . (.Galerie de photos Windows Live.) -- C:\WINDOWS\Installer\{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}\WLXPhotoGalleryIcon.exe
O90 - PUC: "9F2FDFE0D6387BE43AD230B83D1FBFA2" . (.Security Update for CAPICOM (KB931906).) -- C:\WINDOWS\Installer\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}\folder.ico
O90 - PUC: "A12B436470CC693498C0B2188666F1AE" . (.Windows Live Writer.) -- C:\WINDOWS\Installer\{4634B21A-CC07-4396-890C-2B8168661FEA}\ApplicationIcon.ico
O90 - PUC: "A9DE3518A49CE6248908E576570CB826" . (.Apple Mobile Device Support.) -- C:\WINDOWS\Installer\{8153ED9A-C94A-426E-9880-5E6775C08B62}\Installer.ico
O90 - PUC: "BB378CD33EFFFB647910629BEA73F1F9" . (.RealDownloader.) -- C:\WINDOWS\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\AddRemoveProgramsIcon
O90 - PUC: "C040110900063D11C8EF10054038389C" . (.Microsoft Office Professional Edition 2003.) -- C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe,6
O90 - PUC: "D381B5441F4F8C549BBD1F3155AC56B7" . (.Windows Live Messenger.) -- C:\WINDOWS\Installer\{445B183D-F4F1-45C8-B9DB-F11355CA657B}\MsblIco.Exe
O90 - PUC: "D7314F9862C648A4DB8BE2A5B47BE100" . (.Microsoft Silverlight.) -- c:\WINDOWS\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ARPIcon
O90 - PUC: "DB3F79E5CDDC8814D98935E241AFBBD5" . (.IncrediMail.) -- C:\WINDOWS\Installer\{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}\ARPPRODUCTICON.exe
O90 - PUC: "DDB6C50237B7ED245850A990F3532A83" . (.Outil de téléchargement Windows Live.) -- C:\WINDOWS\Installer\{205C6BDD-7B73-42DE-8505-9A093F35A238}\RichUpload.ico
O90 - PUC: "E7FF67E4ABEA78C47B88DC745E24B5D9" . (.Skype™ 6.3.) -- C:\WINDOWS\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
O90 - PUC: "F479A18A22A86E3429341589FF57D81A" . (.SweetIM for Messenger 3.6.) -- C:\WINDOWS\Installer\{A81A974F-8A22-43E6-9243-5198FF758DA1}\ARPPRODUCTICON.exe =>PUP.SweetIM
~ Update Products: 103 Scanned in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\59558a8be168b917]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\59558a8be168b917]:HPCHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\59558a8be168b917]:HPCHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\59558a8be168b917]:HPCHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\59558a8be168b917]:HPCHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\59558a8be168b917]:HPCHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\59558a8be168b917]:HPCHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\59558a8be168b917]:HPCHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\59558a8be168b917]:HPCHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\59558a8be168b917]:HPCHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\59558a8be168b917]:HPCHREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ=="
[HKCU\Software\59558a8be168b917]:HPCHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\59558a8be168b917]:HPCHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\59558a8be168b917]:HPCHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\59558a8be168b917]:HPCHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\59558a8be168b917]:HPCHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\59558a8be168b917]:HPCHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\59558a8be168b917]:HPCHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\59558a8be168b917]:HPCHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\59558a8be168b917]:HPCHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\59558a8be168b917]:HPFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\59558a8be168b917]:HPFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\59558a8be168b917]:HPFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\59558a8be168b917]:HPFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\59558a8be168b917]:HPFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\59558a8be168b917]:HPFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\59558a8be168b917]:HPFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\59558a8be168b917]:HPFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\59558a8be168b917]:HPFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\59558a8be168b917]:HPFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ=="
[HKCU\Software\59558a8be168b917]:HPFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\59558a8be168b917]:HPFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\59558a8be168b917]:HPFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\59558a8be168b917]:HPFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\59558a8be168b917]:HPFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\59558a8be168b917]:HPFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\59558a8be168b917]:HPFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\59558a8be168b917]:HPFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\59558a8be168b917]:HPFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\59558a8be168b917]:HPIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\59558a8be168b917]:HPIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\59558a8be168b917]:HPIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\59558a8be168b917]:HPIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\59558a8be168b917]:HPIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\59558a8be168b917]:HPIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\59558a8be168b917]:HPIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\59558a8be168b917]:HPIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\59558a8be168b917]:HPIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\59558a8be168b917]:HPIEREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ=="
[HKCU\Software\59558a8be168b917]:HPIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\59558a8be168b917]:HPIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\59558a8be168b917]:HPIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\59558a8be168b917]:HPIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\59558a8be168b917]:HPIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\59558a8be168b917]:HPIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\59558a8be168b917]:HPIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\59558a8be168b917]:HPIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\59558a8be168b917]:HPIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\59558a8be168b917]:INSTALL_FOLDER_NAME="BitGuard" =>PUP.BitGuard
[HKCU\Software\59558a8be168b917]:KWFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\59558a8be168b917]:KWFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\59558a8be168b917]:KWFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\59558a8be168b917]:KWFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\59558a8be168b917]:KWFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\59558a8be168b917]:KWFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\59558a8be168b917]:KWFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\59558a8be168b917]:KWFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\59558a8be168b917]:KWFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\59558a8be168b917]:KWFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ=="
[HKCU\Software\59558a8be168b917]:KWFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\59558a8be168b917]:KWFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\59558a8be168b917]:KWFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\59558a8be168b917]:KWFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\59558a8be168b917]:KWFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\59558a8be168b917]:KWFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\59558a8be168b917]:KWFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\59558a8be168b917]:KWFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\59558a8be168b917]:KWFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\59558a8be168b917]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R"
[HKCU\Software\59558a8be168b917]:NTCHREGEXP1="FO81jovjQUF+5S6+hbF0tnG4Tc/u94SDBhydJTxS8+ldnZRi5niE4Dm49Yxb"
[HKCU\Software\59558a8be168b917]:NTCHREGEXP2="FO81jovjQUF+5S6+hbF/tG24SsHn9oyWDBuXLj1U8e1fjIJv8XSE4Dy75IlV"
[HKCU\Software\59558a8be168b917]:NTFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\59558a8be168b917]:NTFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\59558a8be168b917]:NTFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\59558a8be168b917]:NTFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\59558a8be168b917]:NTFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\59558a8be168b917]:NTFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\59558a8be168b917]:NTFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\59558a8be168b917]:NTFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\59558a8be168b917]:NTFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\59558a8be168b917]:NTFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ=="
[HKCU\Software\59558a8be168b917]:NTFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\59558a8be168b917]:NTFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\59558a8be168b917]:NTFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\59558a8be168b917]:NTFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\59558a8be168b917]:NTFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\59558a8be168b917]:NTFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\59558a8be168b917]:NTFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\59558a8be168b917]:NTFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\59558a8be168b917]:NTFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\59558a8be168b917]:PROTECTOR_DLL_NAME="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\59558a8be168b917]:PROTECT_EXE_NAME="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\59558a8be168b917]:SECHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\59558a8be168b917]:SECHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\59558a8be168b917]:SECHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\59558a8be168b917]:SECHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\59558a8be168b917]:SECHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\59558a8be168b917]:SECHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\59558a8be168b917]:SECHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\59558a8be168b917]:SECHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\59558a8be168b917]:SECHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\59558a8be168b917]:SECHREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ=="
[HKCU\Software\59558a8be168b917]:SECHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\59558a8be168b917]:SECHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\59558a8be168b917]:SECHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\59558a8be168b917]:SECHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\59558a8be168b917]:SECHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\59558a8be168b917]:SECHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\59558a8be168b917]:SECHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\59558a8be168b917]:SECHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\59558a8be168b917]:SECHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\59558a8be168b917]:SEFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\59558a8be168b917]:SEFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\59558a8be168b917]:SEFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\59558a8be168b917]:SEFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\59558a8be168b917]:SEFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\59558a8be168b917]:SEFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\59558a8be168b917]:SEFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\59558a8be168b917]:SEFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\59558a8be168b917]:SEFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\59558a8be168b917]:SEFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ=="
[HKCU\Software\59558a8be168b917]:SEFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\59558a8be168b917]:SEFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\59558a8be168b917]:SEFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\59558a8be168b917]:SEFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\59558a8be168b917]:SEFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\59558a8be168b917]:SEFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\59558a8be168b917]:SEFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\59558a8be168b917]:SEFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\59558a8be168b917]:SEFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\59558a8be168b917]:SEIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKCU\Software\59558a8be168b917]:SEIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKCU\Software\59558a8be168b917]:SEIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKCU\Software\59558a8be168b917]:SEIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKCU\Software\59558a8be168b917]:SEIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKCU\Software\59558a8be168b917]:SEIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKCU\Software\59558a8be168b917]:SEIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKCU\Software\59558a8be168b917]:SEIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKCU\Software\59558a8be168b917]:SEIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKCU\Software\59558a8be168b917]:SEIEREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ=="
[HKCU\Software\59558a8be168b917]:SEIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKCU\Software\59558a8be168b917]:SEIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKCU\Software\59558a8be168b917]:SEIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKCU\Software\59558a8be168b917]:SEIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKCU\Software\59558a8be168b917]:SEIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKCU\Software\59558a8be168b917]:SEIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKCU\Software\59558a8be168b917]:SEIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKCU\Software\59558a8be168b917]:SEIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKCU\Software\59558a8be168b917]:SEIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKCU\Software\59558a8be168b917]:SERVICE_NAME="BitGuard" =>PUP.BitGuard
[HKCU\Software\59558a8be168b917]:usrcheckbox="1"
[HKCU\Software\59558a8be168b917]:version="2.6.1673.238"
[HKLM\Software\59558a8be168b917]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKLM\Software\59558a8be168b917]:HPCHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\59558a8be168b917]:HPCHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\59558a8be168b917]:HPCHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\59558a8be168b917]:HPCHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\59558a8be168b917]:HPCHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\59558a8be168b917]:HPCHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\59558a8be168b917]:HPCHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\59558a8be168b917]:HPCHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\59558a8be168b917]:HPCHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\59558a8be168b917]:HPCHREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ=="
[HKLM\Software\59558a8be168b917]:HPCHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\59558a8be168b917]:HPCHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\59558a8be168b917]:HPCHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\59558a8be168b917]:HPCHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\59558a8be168b917]:HPCHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\59558a8be168b917]:HPCHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\59558a8be168b917]:HPCHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\59558a8be168b917]:HPCHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\59558a8be168b917]:HPCHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\59558a8be168b917]:HPFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\59558a8be168b917]:HPFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\59558a8be168b917]:HPFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\59558a8be168b917]:HPFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\59558a8be168b917]:HPFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\59558a8be168b917]:HPFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\59558a8be168b917]:HPFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\59558a8be168b917]:HPFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\59558a8be168b917]:HPFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\59558a8be168b917]:HPFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ=="
[HKLM\Software\59558a8be168b917]:HPFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\59558a8be168b917]:HPFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\59558a8be168b917]:HPFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\59558a8be168b917]:HPFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\59558a8be168b917]:HPFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\59558a8be168b917]:HPFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\59558a8be168b917]:HPFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\59558a8be168b917]:HPFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\59558a8be168b917]:HPFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\59558a8be168b917]:HPIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\59558a8be168b917]:HPIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\59558a8be168b917]:HPIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\59558a8be168b917]:HPIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\59558a8be168b917]:HPIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\59558a8be168b917]:HPIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\59558a8be168b917]:HPIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\59558a8be168b917]:HPIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\59558a8be168b917]:HPIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\59558a8be168b917]:HPIEREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ=="
[HKLM\Software\59558a8be168b917]:HPIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\59558a8be168b917]:HPIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\59558a8be168b917]:HPIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\59558a8be168b917]:HPIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\59558a8be168b917]:HPIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\59558a8be168b917]:HPIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\59558a8be168b917]:HPIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\59558a8be168b917]:HPIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\59558a8be168b917]:HPIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\59558a8be168b917]:INSTALL_FOLDER_NAME="BitGuard" =>PUP.BitGuard
[HKLM\Software\59558a8be168b917]:KWFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\59558a8be168b917]:KWFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\59558a8be168b917]:KWFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\59558a8be168b917]:KWFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\59558a8be168b917]:KWFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\59558a8be168b917]:KWFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\59558a8be168b917]:KWFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\59558a8be168b917]:KWFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\59558a8be168b917]:KWFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\59558a8be168b917]:KWFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ=="
[HKLM\Software\59558a8be168b917]:KWFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\59558a8be168b917]:KWFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\59558a8be168b917]:KWFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\59558a8be168b917]:KWFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\59558a8be168b917]:KWFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\59558a8be168b917]:KWFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\59558a8be168b917]:KWFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\59558a8be168b917]:KWFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\59558a8be168b917]:KWFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\59558a8be168b917]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R"
[HKLM\Software\59558a8be168b917]:NTCHREGEXP1="FO81jovjQUF+5S6+hbF0tnG4Tc/u94SDBhydJTxS8+ldnZRi5niE4Dm49Yxb"
[HKLM\Software\59558a8be168b917]:NTCHREGEXP2="FO81jovjQUF+5S6+hbF/tG24SsHn9oyWDBuXLj1U8e1fjIJv8XSE4Dy75IlV"
[HKLM\Software\59558a8be168b917]:NTFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\59558a8be168b917]:NTFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\59558a8be168b917]:NTFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\59558a8be168b917]:NTFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\59558a8be168b917]:NTFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\59558a8be168b917]:NTFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\59558a8be168b917]:NTFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\59558a8be168b917]:NTFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\59558a8be168b917]:NTFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\59558a8be168b917]:NTFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ=="
[HKLM\Software\59558a8be168b917]:NTFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\59558a8be168b917]:NTFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\59558a8be168b917]:NTFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\59558a8be168b917]:NTFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\59558a8be168b917]:NTFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\59558a8be168b917]:NTFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\59558a8be168b917]:NTFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\59558a8be168b917]:NTFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\59558a8be168b917]:NTFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\59558a8be168b917]:PROTECTOR_DLL_NAME="BitGuard.dll" =>PUP.BitGuard
[HKLM\Software\59558a8be168b917]:PROTECT_EXE_NAME="BitGuard.exe" =>PUP.BitGuard
[HKLM\Software\59558a8be168b917]:SECHREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\59558a8be168b917]:SECHREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\59558a8be168b917]:SECHREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\59558a8be168b917]:SECHREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\59558a8be168b917]:SECHREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\59558a8be168b917]:SECHREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\59558a8be168b917]:SECHREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\59558a8be168b917]:SECHREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\59558a8be168b917]:SECHREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\59558a8be168b917]:SECHREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ=="
[HKLM\Software\59558a8be168b917]:SECHREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\59558a8be168b917]:SECHREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\59558a8be168b917]:SECHREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\59558a8be168b917]:SECHREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\59558a8be168b917]:SECHREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\59558a8be168b917]:SECHREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\59558a8be168b917]:SECHREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\59558a8be168b917]:SECHREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\59558a8be168b917]:SECHREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\59558a8be168b917]:SEFFREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\59558a8be168b917]:SEFFREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\59558a8be168b917]:SEFFREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\59558a8be168b917]:SEFFREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\59558a8be168b917]:SEFFREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\59558a8be168b917]:SEFFREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\59558a8be168b917]:SEFFREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\59558a8be168b917]:SEFFREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\59558a8be168b917]:SEFFREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\59558a8be168b917]:SEFFREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ=="
[HKLM\Software\59558a8be168b917]:SEFFREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\59558a8be168b917]:SEFFREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\59558a8be168b917]:SEFFREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\59558a8be168b917]:SEFFREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\59558a8be168b917]:SEFFREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\59558a8be168b917]:SEFFREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\59558a8be168b917]:SEFFREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\59558a8be168b917]:SEFFREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\59558a8be168b917]:SEFFREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\59558a8be168b917]:SEIEREGEXP0="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41YG65LTMswjv2p+BbY"
[HKLM\Software\59558a8be168b917]:SEIEREGEXP10="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tcC7Z7DtYJweyl/WTcdvz1SHs="
[HKLM\Software\59558a8be168b917]:SEIEREGEXP11="FO81jovjQUF+5S6+hb1oqXHuCob28bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4PgTyj"
[HKLM\Software\59558a8be168b917]:SEIEREGEXP12="FO81jovjQUF+5S6+hb1oqXHuCobi7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4bnTyj"
[HKLM\Software\59558a8be168b917]:SEIEREGEXP13="FO81jovjQUF+5S6+hb1oqXHuCobh7bvIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4YnTyj"
[HKLM\Software\59558a8be168b917]:SEIEREGEXP14="FO81jovjQUF+5S6+hb1oqXHuCobp+7vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Qizyj"
[HKLM\Software\59558a8be168b917]:SEIEREGEXP15="FO81jovjQUF+5S6+hb1oqXHuCobq77vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Tnzyj"
[HKLM\Software\59558a8be168b917]:SEIEREGEXP16="FO81jovjQUF+5S6+hb1oqXHuCob097vIARmacmgOwqhSgp8k3Sia4We454NmCbZefM0c/670ylCTeqKqVQ4Nhzyj"
[HKLM\Software\59558a8be168b917]:SEIEREGEXP17="FO81jovjQUF+5S6+hf10qXWkH4avttjOR1OpbXMX8/9twJ1l7X6A6gb39opYC7RPf4sPz/Povw=="
[HKLM\Software\59558a8be168b917]:SEIEREGEXP18="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5tLEKdLRvlB0/un51uaSb37CTxXxQ=="
[HKLM\Software\59558a8be168b917]:SEIEREGEXP1="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4xVGKVIf4gfxf+09lCuO/D3C39T"
[HKLM\Software\59558a8be168b917]:SEIEREGEXP2="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tcFaNGf4gfxf+09lCuO/D3C39T"
[HKLM\Software\59558a8be168b917]:SEIEREGEXP3="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr41MHLlIUMAN0v2uyRaRev62TA=="
[HKLM\Software\59558a8be168b917]:SEIEREGEXP4="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES/lBx/Gn+WTcdvz1SHs="
[HKLM\Software\59558a8be168b917]:SEIEREGEXP5="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5xcGKVES8IDzMLo9lefO7k="
[HKLM\Software\59558a8be168b917]:SEIEREGEXP6="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4dWFbZURsQew/aau1udeL2y"
[HKLM\Software\59558a8be168b917]:SEIEREGEXP7="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4hWFaRCQtcPyMLo9lefO7k="
[HKLM\Software\59558a8be168b917]:SEIEREGEXP8="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr4tYFbJURsQew/aau1udeL2y"
[HKLM\Software\59558a8be168b917]:SEIEREGEXP9="FO81jovjQUF+5S6+hf10qXWkDdqpoN3JRlHKawFcs/wBwMtXrErF03Tzr5pXFosKUMAN0v2uyRaRev62TA=="
[HKLM\Software\59558a8be168b917]:SERVICE_NAME="BitGuard" =>PUP.BitGuard
[HKLM\Software\59558a8be168b917]:usrcheckbox="1"
[HKLM\Software\59558a8be168b917]:version="2.6.1673.238"
~ Export Key Software:  Scanned in 00mn 00s



---\\ Enumère les données de la clé NameSpace (MNS) (O92)
O92 - MNS: Dossiers Web - {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
~ MNS: 1 Scanned in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.F518ADC1BB9896FD64A6AE1EA7106250] [WIS][09/11/2011] (.SweetIM Technologies Ltd. - SweetIM for Messenger 3.6.) -- C:\Windows\Installer\103ffe5.msi   [1947136] =>PUP.SweetIM
[MD5.C56B054644ECE4D13875822F6E6EC0C2] [WIS][15/02/2011] (.Spigot, Inc. - Widgi Toolbar.) -- C:\Windows\Installer\133c8a9.msi   [1016832] =>PUP.Dealio
[MD5.339963172CF929EFF32E9B80CA68F374] [WIS][06/01/2012] (.Iminent - Iminent.) -- C:\Windows\Installer\14ae59d.msi   [1476608] =>Adware.IMBooster
[MD5.C16BE78D83F3B4BCC651674348E528DE] [WIS][29/12/2010] (.VirginMega.Fr - VirginMega.Fr Premium.) -- C:\Windows\Installer\17af1d6.msi   [1977856]
[MD5.81047281A59EF68881EAFB0A6B420E3C] [WIS][21/08/2010] (.VIA Technologies, Inc. - VIA Universal Setup Program.) -- C:\Windows\Installer\18e8b.msi   [2740736]
[MD5.53A6B1CB96E12E3E72D6AC7C549496C3] [WIS][23/08/2010] (.IncrediMail - IncrediMail.) -- C:\Windows\Installer\1b1193.msi   [2963456]
[MD5.E5983BF3E3B6E435EE356DC5C07E7B89] [WIS][16/06/2010] (.OpenXML/ODF Translator Team - ODF Add-in for Microsoft Office.) -- C:\Windows\Installer\1bbb889.msi   [4522496]
[MD5.8B5340F77855FCCE322B856A46319D71] [WIS][28/08/2012] (.IClaro - IClaroInstaller.) -- C:\Windows\Installer\1bd03c9.msi   [150528]
[MD5.E225B8A8EA8F9AA4BB79183CC3AF419C] [WIS][04/10/2012] (.None - PixiePack Codec Pack.) -- C:\Windows\Installer\39cd3d.msi   [304128]
[MD5.972E4339ECB877884CC1267ADD55B622] [WIS][18/01/2011] (.Ask.com - Blank Project Template.) -- C:\Windows\Installer\4715eb.msi   [2229760]
[MD5.537C7F6D647AD3B789DA496B41858204] [WIS][25/12/2010] (.HP - Overland.) -- C:\Windows\Installer\49ba0.msi   [509952]
[MD5.613004975C1FD19CA56B33B4E9F0D2D0] [WIS][31/05/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\8a0ab4.msi   [1638912]
~ WIS: 115 Scanned in 00mn 04s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 20/09/2013 257416 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 21/09/2013 42504 |  (Allin1Convert_8hService) . (.COMPANYVERS_NAME.) - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe =>Adware.Allin1Convert
SR - | Auto 24/10/2011 55144 |  (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 10/09/2013 2845152 |  (BitGuard) . (...) - C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe =>PUP.BitGuard
SS - | Demand 14/04/2008 225280 |  (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 14/11/2011 136176 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 14/11/2011 136176 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 04/04/2013 181664 |  (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 07/05/2010 162648 |  (LVPrcSrv) . (.Logitech Inc..) - C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcSrv.exe
SR - | Auto 04/04/2013 418376 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 05/01/2004 65795 |  (Pml Driver HPZ12) . (.HP.) - C:\WINDOWS\system32\HPZipm12.exe
SR - | Auto 16/04/2013 39056 |  (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SS - | Auto 19/04/2013 161384 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 22/04/2011 92592 |  (TomTomHOMEService) . (.TomTom.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
~ Services:  Scanned in 00mn 05s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Anne at 21/09/2013 10:18:43

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys 
1 ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\Harddisk0\DR0[0x89DBDAB8]
3 CLASSPNP[0xBA0E8FD7] >> ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\00000069[0x89D81318]
5 ACPI[0xB9F7E620] >> ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\Ide\IdeDeviceP2T0L0-5[0x89DBCD98]
kernel: MBR read successfully
user & kernel MBR OK 
~ MBR: 13 Scanned in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Anne at 21/09/2013 10:18:45

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR:  Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 12924 - (19/09/2013)
Clés trouvées (Keys found) : 141
Valeurs trouvées (Values found) : 2
Dossiers trouvés  (Folders found) : 14
Fichiers trouvés  (Files found) : 47

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A4C2FB10-84C3-44EB-9F9E-860FA1D9A797}]   =>Adware.Allin1Convert^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]   =>Toolbar.DeltaSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBCBC43A-DCA9-4192-A4C8-B57FD0F77D4D}]   =>Adware.Allin1Convert^
[HKLM\SYSTEM\CurrentControlSet\Services\Allin1Convert_8hService]   =>Adware.Allin1Convert^
[HKLM\SYSTEM\CurrentControlSet\Services\BitGuard]   =>PUP.BitGuard^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allin1Convert_8hbar Uninstall Firefox]   =>Adware.Allin1Convert^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allin1Convert_8hbar Uninstall Internet Explorer]   =>Adware.Allin1Convert^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}]   =>PUP.BitGuard^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar]   =>Toolbar.DeltaSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta]   =>Toolbar.DeltaSearch^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Bubble Dock]   =>Toolbar.BubbleDock^
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]   =>Toolbar.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}]   =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{27100E88-8830-44ED-9D6A-CA24F3523F39}]   =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]   =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]   =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{C31103D1-E584-4880-B1D3-6B1DF6FBDE22}]   =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]   =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escort.dll]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll]   =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE]   =>Toolbar.Babylon
[HKLM\Software\Classes\escort.escortIEPane]   =>PUP.Funmoods
[HKLM\Software\Classes\escort.escortIEPane.1]   =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\430E8DB44F0E90547A3564A7E858C48D]   =>Adware.IMBooster
[HKLM\Software\Classes\Installer\Features\59B0DDD9E3F1E354F921AEBCD06D6BFC]   =>AdWare.AdSpy
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888]   =>Toolbar.Ask
[HKLM\Software\Classes\Installer\Features\F479A18A22A86E3429341589FF57D81A]   =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Products\F479A18A22A86E3429341589FF57D81A]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F479A18A22A86E3429341589FF57D81A]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9]   =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Internet Explorer\MenuExt\&search]   =>Adware.BHO
[HKCU\Software\DataMngr]   =>Adware.Bandoo
[HKLM\Software\DataMngr]   =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Prod.cap]   =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings]   =>PUP.BProtector
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]   =>Toolbar.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]   =>Toolbar.Tarma
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}]   =>PUP.Funmoods
[HKLM\Software\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}]   =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2]   =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E]   =>PUP.SweetIM
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaappCore]   =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltaappCore.1]   =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd]   =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd.1]   =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\175C300D9A9FB725484BA7DCEE4B56B8]   =>PUP.ClaroSearch
[HKLM\Software\Classes\Installer\Features\6F43FA474FCAC834C9E7AF30706BE054]   =>PUP.ClaroSearch
[HKLM\Software\Classes\Installer\Products\6F43FA474FCAC834C9E7AF30706BE054]   =>PUP.ClaroSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6F43FA474FCAC834C9E7AF30706BE054]   =>PUP.ClaroSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5C8B5FB7CB5DD447A0BAAAF637FBD77]   =>PUP.ClaroSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF96568971BEAC14B8815883832BD484]   =>PUP.ClaroSearch
[HKCU\Software\Microsoft\IClaroDirectory]   =>PUP.ClaroSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044]   =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9]   =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9]   =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24]   =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607]   =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F]   =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21]   =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF]   =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A]   =>Adware.IMBooster
[HKLM\Software\Google\Chrome\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok]   =>Hijacker.FreehdsportTV
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{938958E8-355C-49FF-92B0-53C1B87ACEA9}]   =>PUP.SpecialSavings
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{938958E8-355C-49FF-92B0-53C1B87ACEA9}]   =>PUP.SpecialSavings
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD1A63BA-A08C-431B-9A34-F240AADC728D}]   =>Adware.MyWebSearch
[HKLM\Software\Classes\CLSID\{CD1A63BA-A08C-431B-9A34-F240AADC728D}]   =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C2FB10-84C3-44EB-9F9E-860FA1D9A797}]   =>Adware.Allin1Convert
[HKLM\Software\Classes\CLSID\{A4C2FB10-84C3-44EB-9F9E-860FA1D9A797}]   =>Adware.Allin1Convert
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d}]   =>Adware.Allin1Convert
[HKLM\Software\Classes\CLSID\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d}]   =>Adware.Allin1Convert
[HKCU\Software\Allin1Convert_8h]   =>Adware.Allin1Convert
[HKLM\Software\Allin1Convert_8h]   =>Adware.Allin1Convert
[HKLM\Software\Classes\delta.deltaHlpr]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaHlpr.1]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc.1]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\IncrediSpooler.DeltaSync]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\IncrediSpooler.DeltaSync.1]   =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\escorTlbr.DLL]   =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536]   =>PUP.SweetIM^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{82E1477C-B154-48D3-9891-33D83C26BCD3}   =>Toolbar.DeltaSearch^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Allin1Convert Search Scope Monitor   =>Adware.Allin1Convert^
C:\Program Files\Allin1Convert_8h   =>Adware.Allin1Convert^
C:\Program Files\Allin1Convert_8hEI   =>Adware.Allin1Convert^
C:\Documents and Settings\All Users\Application Data\Babylon   =>Toolbar.Babylon^
C:\Documents and Settings\All Users\Application Data\BitGuard   =>PUP.BitGuard^
C:\Documents and Settings\All Users\Application Data\BrowserProtect(2)   =>Hijacker.Eazel^
C:\Documents and Settings\Anne\Application Data\Allin1Convert_8h   =>Adware.Allin1Convert^
C:\Documents and Settings\Anne\Application Data\BabSolution   =>Hijacker.BabSolution^
C:\Documents and Settings\Anne\Application Data\Babylon   =>Toolbar.Babylon^
C:\Documents and Settings\Anne\Application Data\searchqutoolbar(2)   =>PUP.Datamngr^
C:\Documents and Settings\Anne\Application Data\SpeedAnalysis3   =>PUP.SpeedAnalysis^
C:\Documents and Settings\Anne\Menu Démarrer\Programmes\BitGuard   =>PUP.BitGuard^
C:\Documents and Settings\All Users\Application Data\InstallMate   =>Toolbar.Tarma
C:\Documents and Settings\Anne\Application Data\searchcoreband   =>Adware.Bandoo
C:\Documents and Settings\Anne\Application Data\searchcoretoolbar   =>Adware.Bandoo
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe   =>PUP.BitGuard^
C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe   =>Adware.Allin1Convert^
C:\Program Files\Allin1Convert_8h\bar\1.bin\CrExtP8h.exe   =>Adware.Allin1Convert^
C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll   =>Adware.Allin1Convert^
C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll   =>Toolbar.DeltaSearch^
C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbar.dll   =>Adware.Allin1Convert^
C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll   =>Toolbar.DeltaSearch^
C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrchMn.exe   =>Adware.Allin1Convert^
C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll   =>PUP.BitGuard^
C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe   =>Adware.Allin1Convert^
C:\WINDOWS\Tasks\BitGuard.job   =>PUP.BitGuard^
C:\Documents and Settings\Anne\Application Data\BabSolution\Shared\BabMaint.exe   =>Hijacker.BabSolution^
[HKCU\Software\BabSolution]   =>Hijacker.BabSolution^
[HKCU\Software\DataMngr_Toolbar]   =>PUP.Datamngr^
C:\WINDOWS\Prefetch\WAJAM_VALIDATE.EXE-07EA151F.pf   =>Toolbar.Wajam^
C:\WINDOWS\Prefetch\DELTATB_20130715.EXE-3A410F3F.pf   =>Toolbar.DeltaSearch^
C:\WINDOWS\Prefetch\DSEARCHLINK.EXE-3417429B.pf   =>Toolbar.DeltaSearch^
C:\WINDOWS\Prefetch\MYDELTATB.EXE-3AF4E758.pf   =>Toolbar.DeltaSearch^
C:\WINDOWS\Prefetch\BABMAINT.EXE-33227129.pf   =>Hijacker.BabSolution^
C:\WINDOWS\Prefetch\BITGUARD.EXE-2B7EAB9E.pf   =>PUP.BitGuard^
C:\WINDOWS\Prefetch\BABMAINT.EXE-024311E9.pf   =>Hijacker.BabSolution^
C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\C5JQTBA0\fr.answers.yahoo   =>Toolbar.Yahoo^
C:\Documents and Settings\Anne\Local Settings\Temp\CDD4ED8C-BAB0-7891-8550-0865FA8D8C7F\Latest\bab138.deltatb_dmn.zpb   =>Toolbar.DeltaSearch^
C:\Documents and Settings\Anne\Local Settings\Temp\CDD4ED8C-BAB0-7891-8550-0865FA8D8C7F\Latest\DSearchLink_DT.zpb   =>Toolbar.DeltaSearch^
C:\Documents and Settings\Anne\Local Settings\Temp\CDD4ED8C-BAB0-7891-8550-0865FA8D8C7F\Latest\DeltaTB.zpb   =>Toolbar.DeltaSearch^
C:\Documents and Settings\Anne\Menu Démarrer\Programmes\BitGuard\Uninstall BitGuard.lnk   =>PUP.BitGuard^
C:\Documents and Settings\Anne\Application Data\Babylon\log_file.txt   =>Toolbar.Babylon^
C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\X4ESP0CC\www2.delta-search   =>Toolbar.DeltaSearch^
C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\0\extensions\8hffxtbr@Allin1Convert_8h.com\bootstrap.js   =>Adware.Allin1Convert^
C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\0\extensions\8hffxtbr@Allin1Convert_8h.com\chrome.manifest   =>Adware.Allin1Convert^
C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\extensions\extensions\8hffxtbr@Allin1Convert_8h.com\bootstrap.js   =>Adware.Allin1Convert^
C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\extensions\extensions\8hffxtbr@Allin1Convert_8h.com\chrome.manifest   =>Adware.Allin1Convert^
C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\0\extensions\8hffxtbr@Allin1Convert_8h.com\install.rdf   =>Adware.Allin1Convert^
C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\extensions\extensions\8hffxtbr@Allin1Convert_8h.com\install.rdf   =>Adware.Allin1Convert^
C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\0\extensions\8hffxtbr@Allin1Convert_8h.com\chrome\8hffxtbr.jar   =>Adware.Allin1Convert^
C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\0\extensions\8hffxtbr@Allin1Convert_8h.com\installKeys.js   =>Adware.Allin1Convert^
C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\extensions\extensions\8hffxtbr@Allin1Convert_8h.com\chrome\8hffxtbr.jar   =>Adware.Allin1Convert^
C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\extensions\extensions\8hffxtbr@Allin1Convert_8h.com\installKeys.js   =>Adware.Allin1Convert^
C:\Documents and Settings\Anne\Application Data\Allin1Convert_8h\UrlFolderExtension.uf1   =>Adware.Allin1Convert^
C:\Documents and Settings\Anne\Application Data\Allin1Convert_8h\UrlFolderExtension.ufm   =>Adware.Allin1Convert^
C:\WINDOWS\Installer\{A81A974F-8A22-43E6-9243-5198FF758DA1}\ARPPRODUCTICON.exe   =>PUP.SweetIM^
[HKCU\Software\59558a8be168b917]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}"   =>Hijacker.Eazel^
[HKLM\Software\59558a8be168b917]:GUID="{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}"   =>Hijacker.Eazel^
C:\Windows\Installer\103ffe5.msi   =>PUP.SweetIM^
C:\Windows\Installer\133c8a9.msi   =>PUP.Dealio^
C:\Windows\Installer\14ae59d.msi   =>Adware.IMBooster^
C:\WINDOWS\Tasks\EPUpdater.job   =>Hijacker.BabSolution
~ Additionnel Scan: 267247 Items scanned in 00mn 35s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard   =>PUP.BitGuard
~ http://nicolascoolman.webs.com/apps/blog/show/30478407-adware-allin1convert   =>Adware.Allin1Convert
~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar   =>Hijacker.SmartBar
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch   =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply   =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution   =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr   =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon  =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel   =>Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blog/show/28153012-pup-speedanalysis   =>PUP.SpeedAnalysis
~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam   =>Toolbar.Wajam
~ http://nicolascoolman.webs.com/apps/blog/show/31746142-toolbar-bubbledock   =>Toolbar.BubbleDock
~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo   =>Toolbar.Yahoo
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim   =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio   =>PUP.Dealio
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster  =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods   =>PUP.Funmoods
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask   =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch   =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo  =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector   =>PUP.BProtector
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma   =>Toolbar.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/27563212-pup-clarosearch  =>PUP.ClaroSearch
~ http://nicolascoolman.webs.com/apps/blog/show/30583270-hijacker-freehdsporttv   =>Hijacker.FreeHDSportTV
~ http://nicolascoolman.webs.com/apps/blog/show/26686441-pup-specialsavings   =>PUP.SpecialSavings
~ MSI: 25 link(s) detected in 00mn 35s



End of the scan (2871 lines in 05mn 22s)(0)