Rapport de ZHPDiag v2013.4.17.96 par Nicolas Coolman, Update du 17.04.2013
Run by Fits at 18.04.2013 22:13:33
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program

---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16540
MFIE: Mozilla Firefox 10.0.2 v10.0.2

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 64-bit (Build 6000)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 9YQTR
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ System Protection
avast! Internet Security v8.0.1483.0

---\\ System Optimizer

---\\ Software Update
Adobe Flash Player 11 Plugin
Java 7 Update 17

---\\ System Information
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8104.1 MB (71% free)
System Restore: Activé (Enable)
System drive C: has 201 GB (72%) free of 279 GB

---\\ Logged in mode
~ Computer Name: FITS-PC
~ User Name: Fits
~ All Users Names: UpdatusUser, HomeGroupUser$, Fits, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Fits\AppData\Roaming\
~ %Desktop% : C:\Users\Fits\Desktop\
~ %Favorites% : C:\Users\Fits\Favorites\
~ %LocalAppData% : C:\Users\Fits\AppData\Local\
~ %StartMenu% : C:\Users\Fits\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 201 Go of 279 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 101 Go of 394 Go)
E:\ CD-ROM drive (Free 0 Go of 6 Go)
Q:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25.02.2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14.07.2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.753C0848AE7872A3F59663078A517293] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21.02.2013 - 11:15:07.) -- C:\Windows\System32\wininet.dll [2240512] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20.11.2010 - 14:25:32.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20.11.2010 - 14:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28.12.2011 - 04:59:24.) 
-- C:\Windows\system32\Drivers\AFD.sys [498688] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14.07.2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14.07.2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20.11.2010 - 10:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20.11.2010 - 10:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20.11.2010 - 11:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14.07.2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14.07.2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27.04.2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20.11.2010 - 10:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.B8965FB53551B5455630A4B804D0791F] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02.03.2013 - 07:04:53.) -- C:\Windows\system32\Drivers\ntfs.sys [1655656] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14.07.2009 - 01:00:41.) 
-- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20.11.2010 - 11:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14.07.2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20.11.2010 - 10:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20.11.2010 - 14:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes musiques (My Musics) : 1/274 ~ Mes Favoris (My Favorites) : 1/8 ~ Mes Documents (My Documents) : 2/21 ~ Mon Bureau (My Desktop) : 1/879 ~ Menu demarrer (Programs) : 1/41 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.BC3DA234CDA880578526DAB028F40268] - (.ASUS - SmartLogon Application.) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [305792] [PID.2432] [MD5.5BB1F77C8AF725A15EC9366498D275BB] - (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992] [PID.2484] [MD5.F4DCD4912B185C3AAEB92A7040832AD1] - (.Pas de propriétaire - ALU.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [51768] [PID.2508] [MD5.37DEB76A2CF005841C4E45DE2B94D84F] - (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe [3058304] [PID.2032] [MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.3236] [MD5.3A69182A473527501ABAB379D2B2FC2D] - (.Spotify Ltd - SpotifyWebHelper.) 
-- C:\Users\Fits\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104280] [PID.5136] [MD5.79A3B950988F8D2B81906D0C0473158B] - (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624] [PID.5772] [MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] - (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016] [PID.5800] [MD5.FD22B00049F775E952371E9C3DAC631B] - (.Pas de propriétaire - Wireless Console 3.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536] [PID.5620] [MD5.08660140E548227B6EE70501A0680088] - (.Logitech(c) - Logitech(c) G35 Headset.) -- C:\Program Files (x86)\Logitech\G35\G35.exe [1811800] [PID.5524] [MD5.E4401CF27225C1D6E664E86195978562] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544] [PID.5128] [MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848] [PID.948] [MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4767304] [PID.6048] [MD5.4E9592BB2C100E571F82640E59E9ECD5] - (.Google Inc. - Google Chrome.) -- C:\Users\Fits\AppData\Local\Google\Chrome\Application\chrome.exe [1312720] [PID.1644] [MD5.8C37F5AC3666F09AEBDE0B79ACB96B95] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6849024] [PID.5068] [MD5.18E5C2F937F9DEB8C282DF66A3761925] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536] [PID.1356] [MD5.7910158929571214A959D5A6D16DD9C0] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1440] [MD5.41735B82DB57E4EBE9504EC400FD120E] - (.AVAST Software - avast! Service.) 
-- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248] [PID.1468] [MD5.DA387EDDBA421A7A8132E256343C2799] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [136912] [PID.1688] [MD5.01F61F0F2B551EAEE2C12619B13B93D2] - (.ASUS - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [166528] [PID.1528] [MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.2264] [MD5.4C4A576818EA028257C624AE36FF7A03] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400] [PID.2868] [MD5.C3CDDD18F43D44AB713CF8C4916F7696] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [219496] [PID.3664] [MD5.13693B6354DD6E72DC5131DA7D764B90] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [508776] [PID.4020] [MD5.72794D112CBAFF3BC0C29BF7350D4741] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822624] [PID.4200] [MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe [2488888] [PID.4508] [MD5.AA11E1368EEB237DD100BAC6AFFE1C57] - (.ASUS - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe [113208] [PID.4784] [MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe [174648] [PID.5364] [MD5.0803906D607A9B83184447B75B60ECC2] - (.Intel Corporation - Local Manageability Service.) 
-- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.4652] [MD5.EB79C6C91A99930015EF29AE7FA802D1] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2655768] [PID.3924] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\Fits\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [User Data\Default] None ~ Google Browser: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Fits\AppData\Roaming\Mozilla\Firefox\Profiles\m8d1rk30.default\prefs.js M2 - MFEP: prefs.js [Fits - m8d1rk30.default\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}] [] uTorrentBar_FR Community Toolbar v3.13.0.6 (..) P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll ~ Firefox Browser: 13 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com R3 - URLSearchHook: uTorrentBar_FR Toolbar [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) 
(6.4.0.0) -- C:\Program Files (x86)\uTorrentBar_FR\prxtbuTor.dll =>Toolbar.Conduit R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 ~ IE Browser: 15 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: uTorrentBar_FR [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\uTorrentBar_FR\prxtbuTor.dll =>Toolbar.Conduit ~ BHO: 9 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [VizorHtmlDialog.exe] . (.Trend Micro Inc. - Trend Titanium.) 
-- C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe O4 - HKLM\..\Run: [Trend Micro Client Framework] . (.Trend Micro Inc. - Trend Micro Client Session Agent Monitor.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe O4 - HKLM\..\Run: [Trend Micro Titanium] . (.Trend Micro Inc. - VizorShortCut Dynamic Link Library.) -- C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe O4 - HKLM\..\Run: [AmIcoSinglun64] . (.Alcor Micro Corp. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.) O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe (.not file.) O4 - HKLM\..\Run: [AtherosBtStack] . (.Atheros Communications - Serveur Stack Bluetooth.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe O4 - HKLM\..\Run: [AthBtTray] . (.Atheros Commnucations - Bluetooth Suite Common Rescource.) -- C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd (.not file.) O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) 
-- C:\Program Files (x86)\Steam\Steam.exe O4 - HKCU\..\Run: [MSIDLL] ll32.exe O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Fits\AppData\Local\Google\Update\GoogleUpdate.exe O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\Fits\AppData\Roaming\Spotify\Spotify.exe O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Fits\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe O4 - HKLM\..\Wow6432Node\Run: [Nuance PDF Reader-reminder] . (.Nuance Communications, Inc. - Ereg.) -- C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe O4 - HKLM\..\Wow6432Node\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files (x86)\ASUS\APRP\APRP.exe O4 - HKLM\..\Wow6432Node\Run: [ASUSWebStorage] . (.ecareme - AsusWebStorage.) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Wow6432Node\Run: [ATKMEDIA] . (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Wow6432Node\Run: [HControlUser] . (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Wow6432Node\Run: [Wireless Console 3] . (.Pas de propriétaire - Wireless Console 3.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe O4 - HKLM\..\Wow6432Node\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) 
-- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [Logitech G35] . (.Logitech(c) - Logitech(c) G35 Headset.) -- C:\Program Files (x86)\Logitech\G35\G35.exe O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-21-2512810324-267804827-496726001-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-21-2512810324-267804827-496726001-1001\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\Steam.exe O4 - HKUS\S-1-5-21-2512810324-267804827-496726001-1001\..\Run: [MSIDLL] ll32.exe O4 - HKUS\S-1-5-21-2512810324-267804827-496726001-1001\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Fits\AppData\Local\Google\Update\GoogleUpdate.exe O4 - HKUS\S-1-5-21-2512810324-267804827-496726001-1001\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) 
-- C:\Users\Fits\AppData\Roaming\Spotify\Spotify.exe O4 - HKUS\S-1-5-21-2512810324-267804827-496726001-1001\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Fits\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\QuickLaunch: Google Chrome.lnk . (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.) O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe O4 - GS\Desktop: Zattoo.lnk . (.Zattoo Inc. - Zattoo4.) -- C:\Program Files (x86)\Zattoo4\Zattoo.exe O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Fits\AppData\Local\Google\Chrome\Application\chrome.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Programs: Spotify.lnk . (.Spotify Ltd - Spotify.) -- C:\Users\Fits\AppData\Roaming\Spotify\spotify.exe O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Fits\AppData\Local\Google\Chrome\Application\chrome.exe O4 - GS\Desktop: Spotify.lnk . (.Spotify Ltd - Spotify.) 
-- C:\Users\Fits\AppData\Roaming\Spotify\spotify.exe ~ Global Startup: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Clé orpheline ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{34F77ECD-A27E-416B-A097-4DFF1EAFBB27}: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60 O17 - HKLM\System\CCS\Services\Tcpip\..\{A08A44B0-EA61-4138-A705-407C1C6ABF70}: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60 O17 - HKLM\System\CS1\Services\Tcpip\..\{34F77ECD-A27E-416B-A097-4DFF1EAFBB27}: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60 O17 - HKLM\System\CS1\Services\Tcpip\..\{A08A44B0-EA61-4138-A705-407C1C6ABF70}: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60 O17 - HKLM\System\CS2\Services\Tcpip\..\{34F77ECD-A27E-416B-A097-4DFF1EAFBB27}: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60 O17 - HKLM\System\CS2\Services\Tcpip\..\{A08A44B0-EA61-4138-A705-407C1C6ABF70}: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) 
-- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 310.) - C:\Windows\system32\nvinitx.dll ~ AppInit DLL: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: TiMiniService (TiMiniService) . (.Trend Micro Inc. - Titanium mini-service.) - C:\Program Files\Trend Micro\Titanium\TiMiniService.exe O23 - Service: Intel(R) Management and Security Applica (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ~ Services: 14 Legitimates Filtered in 00mn 12s ---\\ Tâches planifiées en automatique (O39) [MD5.E8E5FA2F4F77BFAC9C647BB1B5F62B64] [APT] [{C18D73A5-D72A-4CD4-9A41-F76EBB4A4366}] (...) -- C:\Program Files (x86)\PENDULO Studios\RUNAWAY 2 - The dream of the turtle\Video card setup.exe [45056] ~ Scheduled Task: 21 Legitimates Filtered in 00mn 03s ---\\ Logiciels installés (O42) O42 - Logiciel: Pando Media Booster - (.Pando Networks Inc..) [HKLM][64Bits] -- {980A182F-E0A2-4A40-94C1-AE0C1235902E} O42 - Logiciel: RUNAWAY 2 - The dream of the turtle - (...) [HKLM][64Bits] -- {79DE0CE4-F38A-4DA7-81DF-949E615EA0AB} O42 - Logiciel: Runaway 2 Patch 1.3 - (...) [HKLM][64Bits] -- {1507C9DC-2155-49A8-86A8-32551BD4150C} O42 - Logiciel: Runaway 2 Patch 1.4 - (...) [HKLM][64Bits] -- {487BA14B-770D-403F-A9FA-98BBBF4A2722} O42 - Logiciel: uTorrentBar_FR Toolbar - (.uTorrentBar_FR.) [HKLM][64Bits] -- uTorrentBar_FR Toolbar O42 - Logiciel: µTorrent - (...) 
[HKLM][64Bits] -- uTorrent ~ Logic: 121 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar [HKCU\Software\AppDataLow\Software\uTorrentBar_FR] [HKCU\Software\AppDataLow\Toolbar] [HKCU\Software\BitTorrent] [HKCU\Software\Softonic] [HKLM\Software\Wow6432Node\uTorrentBar_FR] ~ Key Software: 204 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 17.04.2013 - 16:28:32 - [0.765] ----D C:\Program Files (x86)\uTorrent O43 - CFD: 17.07.2012 - 21:54:29 - [4.798] ----D C:\Program Files (x86)\uTorrentBar_FR O43 - CFD: 19.12.2011 - 23:32:43 - [0.000] ----D C:\ProgramData\Partner O43 - CFD: 18.04.2013 - 21:32:17 - [16.976] ----D C:\Users\Fits\AppData\Roaming\uTorrent ~ 1 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 189 Legitimates Filtered in 00mn 12s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.6BCAF46E2B7FA9ACE92B4D39F3037C5C] - 18.04.2013 - 20:34:07 ---A- . (...) -- C:\Windows\SysNative\acovcnt.exe [45056] O44 - LFC:[MD5.6BCAF46E2B7FA9ACE92B4D39F3037C5C] - 18.04.2013 - 20:34:07 RSHAD . (...) -- C:\Windows\System32\acovcnt.exe [45056] O44 - LFC:[MD5.856BD697FCC01F87598BA9339801E8A6] - 18.04.2013 - 16:11:10 ---A- . (...) -- C:\Windows\SysNative\AutoRunFilter.ini [2388] O44 - LFC:[MD5.856BD697FCC01F87598BA9339801E8A6] - 18.04.2013 - 16:11:10 RSHAD . (...) -- C:\Windows\System32\AutoRunFilter.ini [2388] O44 - LFC:[MD5.D3AF1297D627290E4FD2BEBD3D71009B] - 18.04.2013 - 16:11:04 ---A- . (...) -- C:\Windows\SysNative\ServiceFilter.ini [1411] O44 - LFC:[MD5.D3AF1297D627290E4FD2BEBD3D71009B] - 18.04.2013 - 16:11:04 RSHAD . (...) 
-- C:\Windows\System32\ServiceFilter.ini [1411] ~ Files: 87 Legitimates Filtered in 00mn 06s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.6FAA4052E7522DC9C82590EECFC20890] - 17.04.2013 - 15:28:32 ---A- - C:\Windows\Prefetch\UTTE70E.TMP.EXE-C075DEB8.pf O45 - LFCP:[MD5.2E5C092A6A7BF01D3FA330A33BA860F4] - 18.04.2013 - 16:05:36 ---A- - C:\Windows\Prefetch\NETCFG_X64.EXE-1F721903.pf O45 - LFCP:[MD5.633DFF783EF2CCA4A8A7546D02948FE4] - 18.04.2013 - 16:12:10 ---A- - C:\Windows\Prefetch\AMICOSINGLUN64.EXE-2E50420D.pf O45 - LFCP:[MD5.76A9C614889842C89F61F1B856A90BBB] - 18.04.2013 - 16:12:10 ---A- - C:\Windows\Prefetch\RAVBG64.EXE-44375395.pf O45 - LFCP:[MD5.5DB6662EB076DF26AC358620A49E1FC0] - 18.04.2013 - 16:12:46 ---A- - C:\Windows\Prefetch\FANCYSTART.EXE-91A615E7.pf O45 - LFCP:[MD5.3D5C26D2547DD00B05B9AD4D051F2E87] - 18.04.2013 - 16:12:55 ---A- - C:\Windows\Prefetch\APRP.EXE-A549635F.pf O45 - LFCP:[MD5.1A9F1059F7D9AE565DBDFB8A9F7C2872] - 18.04.2013 - 16:12:56 ---A- - C:\Windows\Prefetch\ASUSVIBE2.0.EXE-42B102D5.pf O45 - LFCP:[MD5.8C36C048DFC2A74E1366017275AE355A] - 18.04.2013 - 16:12:56 ---A- - C:\Windows\Prefetch\ASUSWSPANEL.EXE-40B13933.pf O45 - LFCP:[MD5.68A0B6EF17195EC7B02B172A9EFFEC7F] - 18.04.2013 - 16:15:07 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-AE62E46F.pf O45 - LFCP:[MD5.34945F93F7904E0EF68D43B46A785B3E] - 18.04.2013 - 20:35:12 ---A- - C:\Windows\Prefetch\UIWATCHDOG.EXE-D4ED8A6E.pf O45 - LFCP:[MD5.29BD7E334673DD6C234AA6A4F0D1220C] - 18.04.2013 - 20:35:12 ---A- - C:\Windows\Prefetch\VIZORHTMLDIALOG.EXE-44A0E817.pf O45 - LFCP:[MD5.86AED55E17A510CDCDC268C6F262823D] - 18.04.2013 - 20:36:01 ---A- - C:\Windows\Prefetch\SPOTIFY.EXE-BDDC12FF.pf O45 - LFCP:[MD5.2D2B9C1D4CFAEF84748E1D7D15D0CAEE] - 18.04.2013 - 20:57:39 ---A- - C:\Windows\Prefetch\SAFEZONEBROWSER.EXE-EA1E6E17.pf ~ Prefetcher: 137 Legitimates Filtered in 00mn 00s ---\\ MountPoints2 Shell Key (O51) O51 - MPSK:{86244dc2-0a13-11e1-86fa-806e6f6e6963}\AutoRun\command. (...) 
-- E:\AUTORUN.exe ~ Keys: Scanned in 00mn 02s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14.07.2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088] O58 - SDL:[MD5.DE8B9C3E0E09D918B394207F34AC16DD] - 08.07.2010 - 11:03:48 ---A- . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.) -- C:\Windows\System32\athrx.sys [2228736] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 15.04.2013 - 16:59:44 ----- C:\Users\Fits\AppData\Roaming\uTorrent\Game.of.Thrones.S03E03.FASTSUB.VOSTFR.720p.HDTV.x264-ADDiCTiON.torrent [3855] O61 - LFC: 15.04.2013 - 21:58:17 --HA- C:\Users\Fits\Documents\Default.rdp [2056] O61 - LFC: 16.04.2013 - 17:28:28 ----- C:\Users\Fits\AppData\Roaming\uTorrent\How.I.Met.Your.Mother.S08E21.FASTSUB.VOSTFR.720p.HDTV.x264-ADDiCTiON.torrent [2426] O61 - LFC: 16.04.2013 - 17:28:32 ----- C:\Users\Fits\AppData\Roaming\uTorrent\2.Broke.Girls.S02E21.FASTSUB.VOSTFR.720p.HDTV.x264-ADDiCTiON.torrent [2030] O61 - LFC: 16.04.2013 - 22:09:05 ----- C:\Users\Fits\AppData\Roaming\uTorrent\Greek.S02.FRENCH.LD.HDTV.DVDRIP.XviD.torrent [42427] O61 - LFC: 17.04.2013 - 15:28:27 ---A- C:\Users\Fits\AppData\Roaming\uTorrent\utorrent.lng [1142059] O61 - LFC: 17.04.2013 - 16:12:59 ---A- C:\Users\Fits\AppData\Roaming\uTorrent\dlimagecache\A0F96EF694987D6F9B940DA5D6BEAEC2F929D230 [32791] O61 - LFC: 17.04.2013 - 17:12:59 ---A- 
C:\Users\Fits\AppData\Roaming\uTorrent\dlimagecache\71846E2C7D2DF90BF4047808A71044D12E970619 [25277] O61 - LFC: 17.04.2013 - 19:42:59 ---A- C:\Users\Fits\AppData\Roaming\uTorrent\dlimagecache\446AA5E8E3F9B1366ADAF70AD120F3FC1E800258 [15336] O61 - LFC: 18.04.2013 - 08:13:48 ---A- C:\Users\Fits\AppData\Roaming\uTorrent\dlimagecache\06264181EE141F76C36CAF7239E1782A858D8756 [8342] O61 - LFC: 18.04.2013 - 09:43:48 ---A- C:\Users\Fits\AppData\Roaming\uTorrent\dlimagecache\7E30449F65F89340512F92FCB2095AAAC688AF25 [16709] O61 - LFC: 18.04.2013 - 15:20:01 ---A- C:\Users\Fits\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [267652] O61 - LFC: 18.04.2013 - 16:09:36 ---A- C:\Users\Fits\AppData\Roaming\uTorrent\dht.dat.old [3910] O61 - LFC: 18.04.2013 - 16:09:36 ---A- C:\Users\Fits\AppData\Roaming\uTorrent\rss.dat.old [99] O61 - LFC: 18.04.2013 - 16:14:59 ---A- C:\Users\Fits\AppData\Roaming\uTorrent\dlimagecache\4C3AE986D517F8CAA02296704E4B8E74A31B71D5 [32226] O61 - LFC: 18.04.2013 - 20:14:58 ---A- C:\Users\Fits\AppData\Roaming\uTorrent\settings.dat.old [120740] O61 - LFC: 18.04.2013 - 20:29:26 ---A- C:\Users\Fits\AppData\Roaming\uTorrent\resume.dat.old [562703] O61 - LFC: 18.04.2013 - 20:30:10 ---A- C:\Users\Fits\AppData\Roaming\uTorrent\dht_feed.dat.old [2] O61 - LFC: 18.04.2013 - 20:31:26 ---A- C:\Users\Fits\AppData\Roaming\uTorrent\resume.dat [561461] O61 - LFC: 18.04.2013 - 20:32:17 ---A- C:\Users\Fits\AppData\Roaming\uTorrent\dht.dat [4352] O61 - LFC: 18.04.2013 - 20:32:17 ---A- C:\Users\Fits\AppData\Roaming\uTorrent\dht_feed.dat [2] O61 - LFC: 18.04.2013 - 20:32:17 ---A- C:\Users\Fits\AppData\Roaming\uTorrent\rss.dat [99] O61 - LFC: 18.04.2013 - 20:32:17 ---A- C:\Users\Fits\AppData\Roaming\uTorrent\settings.dat [120753] O61 - LFC: 18.04.2013 - 21:13:56 ---A- C:\Users\Fits\AppData\Local\Google\Chrome\User Data\Local State [28560] ~ 236 Fichiers temporaires (Temporary files) ~ Files: 375 Legitimates Filtered in 01mn 17s ---\\ Liste des outils de 
nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Fits\AppData\Local\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639..clientLogIsEnabled", false); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.CTID", "CT2851639"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.CurrentServerDate", "9-1-2013"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.DSInstall", false); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.DialogsAlignMode", "LTR"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.DialogsGetterLastCheckTime", "Wed Jan 09 2013 10:13:58 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.DownloadReferralCookieData", ""); O69 - SBI: prefs.js [Fits - m8d1rk30.default] 
user_pref("CT2851639.EMailNotifierPollDate", "Wed Jan 09 2013 10:28:57 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.FeedLastCount2548968607390276962", 380); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.FeedPollDate2429156812186649977", "Wed Jan 09 2013 10:13:58 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.FeedPollDate2429156813040823546", "Wed Jan 09 2013 10:13:57 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.FeedPollDate2429156813130095866", "Wed Jan 09 2013 10:13:57 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.FeedPollDate2429156813224203613", "Wed Jan 09 2013 10:13:57 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.FeedPollDate2429156813230837251", "Wed Jan 09 2013 10:13:58 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.FeedPollDate2429156813454291735", "Wed Jan 09 2013 10:13:58 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.FeedPollDate2429156813729834876", "Wed Jan 09 2013 10:13:57 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.FeedPollDate2429156813860870021", "Wed Jan 09 2013 10:13:58 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.FeedPollDate2429156814264681793", "Wed Jan 09 2013 10:13:58 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.FeedPollDate2429156814863075366", "Wed Jan 09 2013 10:13:58 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.FeedPollDate2429156815257761081", "Wed Jan 09 2013 10:13:57 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.FeedTTL2429156813040823546", 15); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.FeedTTL2429156813130095866", 10); O69 - SBI: prefs.js [Fits - m8d1rk30.default] 
user_pref("CT2851639.FeedTTL2429156813454291735", 5); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.FeedTTL2429156814264681793", 5); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.FirstServerDate", "25-10-2012"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.FirstTime", true); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.FirstTimeFF3", true); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.FirstTimeHiddenVer", true); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.FixPageNotFoundErrors", true); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.GroupingServerCheckInterval", 1440); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.GroupingServiceUrl", "http://grouping.services.conduit.com/"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.HPInstall", false); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.HasUserGlobalKeys", true); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.HomePageProtectorEnabled", false); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.Initialize", true); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.InitializeCommonPrefs", true); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.InstallationAndCookieDataSentCount", 3); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.InstallationId", "fft2A3C.tmp.exe"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.InstallationType", "XPE"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.InstalledDate", "Thu Oct 25 2012 19:52:44 GMT+0200"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.IsAlertDBUpdated", true); O69 - SBI: 
prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.IsGrouping", false); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.IsInitSetupIni", true); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.IsMulticommunity", false); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.IsOpenThankYouPage", true); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.IsOpenUninstallPage", false); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.LanguagePackLastCheckTime", "Wed Jan 09 2013 10:13:58 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.LanguagePackReloadIntervalMM", 1440); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.LastLogin_3.13.0.6", "Wed Jan 09 2013 10:13:57 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.LatestVersion", "3.16.0.3"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.Locale", "fr"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.MCDetectTooltipHeight", "83"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.MCDetectTooltipWidth", "295"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.MyStuffEnabledAtInstallation", true); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.OriginalFirstVersion", "3.13.0.6"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.SearchCaption", "uTorrentBar_FR Customized Web Search"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties"); O69 - SBI: prefs.js [Fits - 
m8d1rk30.default] user_pref("CT2851639.SearchFromAddressBarIsInit", true); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&q="); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.SearchInNewTabEnabled", true); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.SearchInNewTabIntervalMM", 1440); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.SearchInNewTabLastCheckTime", "Wed Jan 09 2013 10:13:56 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.SearchProtectorEnabled", false); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.SearchProtectorToolbarDisabled", false); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.SendProtectorDataViaLogin", true); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.ServiceMapLastCheckTime", "Wed Jan 09 2013 10:13:57 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.SettingsLastCheckTime", "Wed Jan 09 2013 10:13:56 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.SettingsLastUpdate", "1357718423"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.TBHomePageUrl", "http://search.conduit.com/?ctid=CT2851639&SearchSource=13"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.ThirdPartyComponentsInterval", 504); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.ThirdPartyComponentsLastCheck", "Wed Jan 09 2013 10:13:56 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.ThirdPartyComponentsLastUpdate", "1331805999"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] 
user_pref("CT2851639.ToolbarShrinkedFromSetup", false); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.TrusteLinkUrl", "http://trust.conduit.com/CT2851639"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolb[...] O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.UserID", "UN62180725084913366"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.WeatherNetwork", ""); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.WeatherPollDate", "Wed Jan 09 2013 10:13:58 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.WeatherUnit", "C"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.alertChannelId", "1243674"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.autoDisableScopes", -1); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.backendstorage.cbcountry_001", "4348"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.backendstorage.cbfirsttime", "53756E204E6F7620323520323031322032323A32313A323020474D542B30313030"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.backendstorage.cbopenmamsettings", "30"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.backendstorage.url_history0001", "687474703A2F2F7777772E796F75747562652E636F6D2F77617463683F763D414D697A35653[...] O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;se[...] 
O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.globalFirstTimeInfoLastCheckTime", "Wed Jan 09 2013 10:13:58 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.homepageProtectorEnableByLogin", true); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.initDone", true); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.isAppTrackingManagerOn", false); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.myStuffEnabled", true); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.myStuffPublihserMinWidth", 400); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&oct[...] O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.myStuffServiceIntervalMM", 1440); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE[...] O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.navigateToUrlOnSearch", false); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.oldAppsList", "129351529700431300,129351529700743801,1000234,129791404828153723,1000034,129422840102831305,12[...] 
O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.revertSettingsEnabled", true); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.searchProtectorDialogDelayInSec", 10); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.searchProtectorEnableByLogin", true); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.testingCtid", ""); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.toolbarAppMetaDataLastCheckTime", "Wed Jan 09 2013 10:13:58 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CT2851639.toolbarContextMenuLastCheckTime", "Wed Jan 09 2013 10:13:58 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2851639/CT2851639", "\"c8623c8621629e752a46b2db[...] O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851639", "\"1334666883\""); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=fr", "YL5qGEbYRXsHz8aKeY8[...] O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=fr", "baZTA2tXV7T4AAbft31a[...] O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=fr", "NeBYWpVfqR9l5h0zcPg[...] O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=fr", "VobDslsbJdJvb4C6TOif7w[...] 
O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\""); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0343677cfb1cd1:0\"")[...] O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851639", "\"b0247494cf7d18dd5da86e5d57[...] O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=fr", "\"987a3b2ab6af759e8799bfe487e3d3a2\[...] O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Fits\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\m8d1rk30.defa[...] O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.ToolbarsList", "CT2851639"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.ToolbarsList2", "CT2851639"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.ToolbarsList4", "CT2851639"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.globalUserId", "5119f7bd-319f-4a16-b59d-bb3c1e7341ec"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Jan 09 2013 10:13:59 GMT+0100"); O69 - SBI: prefs.js [Fits - 
m8d1rk30.default] user_pref("CommunityToolbar.notifications.alertEnabled", false); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.notifications.locale", "en"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Jan 09 2013 10:13:58 GMT+0100"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.notifications.showTrayIcon", false); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.notifications.userId", "a71c1d0c-9e64-410e-9507-d5d8ffffe2b0"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties"); O69 - SBI: prefs.js [Fits - m8d1rk30.default] user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties"); ~ Keys: Scanned in 00mn 00s ---\\ Crack & Keygen Files (O82) C:\Users\Fits\AppData\Local\CrashDumps\Xilisoft_iPhone_Transfer_v2_1_keygen_by_MAZE.exe.5552.dmp C:\Users\Fits\AppData\Local\CrashDumps\Xilisoft_iPhone_Transfer_v2_1_keygen_by_MAZE.exe.5552.dmp ~ Files: Scanned in 00mn 53s ---\\ Recherche particuliere à la racine de certains dossiers (O84) 
[MD5.90E1D86D979B92738A47D7072CB22DA8] [SPRF][07.07.2010] (...) -- C:\ProgramData\FullRemove.exe [131472] [MD5.49387FBF061FFE0823DBA3005EE0BFE1] [SPRF][18.04.2013] (...) -- C:\Users\Fits\AppData\Local\Temp\chart_data.dat [20570] [MD5.A94085863F6939C6E302EE49089A6A0F] [SPRF][29.09.2012] (.McAfee, Inc. - McAfee Scanner Content Installer.) -- C:\Users\Fits\AppData\Local\Temp\contentDATs.exe [987080] [MD5.20A9943E6073A39435C7BEA7AA311246] [SPRF][24.12.2011] (.Logitech - Setup Launcher.) -- C:\Users\Fits\AppData\Local\Temp\g35_g35.exe [42459336] [MD5.EE622B2CD2D3C5CD950D49BD1708A9D4] [SPRF][20.02.2012] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Fits\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe [909600] [MD5.B08FE80E6E35F4AF3324F98B81302CC4] [SPRF][06.07.2012] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Fits\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe [910128] [MD5.8E51D3D38A26EEAC819974C9295AF35F] [SPRF][29.08.2012] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Fits\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe [908272] [MD5.A85E2E0AF857692F2811073311695A8B] [SPRF][26.10.2012] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Fits\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe [912368] [MD5.C6AA274F69EBDD86F75B7E3E4FA58AF4] [SPRF][31.01.2013] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Fits\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe [915376] [MD5.A620A735458E04AE0CF471319B6D6E7D] [SPRF][01.03.2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\Fits\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe [897448] [MD5.D97484FFE8D487319F89FBAD04708D05] [SPRF][05.02.2013] (.McAfee, Inc. - McAfee Security Scan Plus Installer.) -- C:\Users\Fits\AppData\Local\Temp\SecurityScan_Release.exe [3787456] [MD5.1D70BE6C8303EB57079B005BA6B399AD] [SPRF][20.12.2011] (.Eclipse Foundation - SWT for Windows native library.) 
-- C:\Users\Fits\AppData\Local\Temp\swt-win32-3349.dll [139672] [MD5.696B48B5F230389ECB3E61653E97F993] [SPRF][11.01.2013] (...) -- C:\Users\Fits\AppData\Local\Temp\uttE4B8.tmp.bat [94] [MD5.696B48B5F230389ECB3E61653E97F993] [SPRF][11.01.2013] (...) -- C:\Users\Fits\AppData\Local\Temp\uttE554.tmp.bat [94] [MD5.906C6A1B9B969899E8F3DAEED101E934] [SPRF][17.04.2013] (...) -- C:\Users\Fits\AppData\Local\Temp\uttFB8A.tmp.bat [94] [MD5.906C6A1B9B969899E8F3DAEED101E934] [SPRF][17.04.2013] (...) -- C:\Users\Fits\AppData\Local\Temp\uttFC07.tmp.bat [94] [MD5.E563A65BAEA25CEF8F49FB0228CB8555] [SPRF][16.01.2013] (...) -- C:\Users\Fits\AppData\Local\Temp\vlc-2.0.5-win32.exe [22916830] [MD5.D48F21BB1D5CEA654287EB5EF5670467] [SPRF][22.01.2013] (...) -- C:\Users\Fits\AppData\Local\Temp\__PDFCORE_FMP.dat [71182] [MD5.683E007EC762AAE71132ADA52352142C] [SPRF][18.09.2012] (.Google Inc. - Picasa.) -- C:\Users\Fits\Desktop\picasa39-setup.exe [15271824] [MD5.58A59D3BC3E1C7C6B8B7663119EAA9DF] [SPRF][18.04.2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Fits\Desktop\ZHPDiag2.exe [5580928] [MD5.2FD994827193B68DD301F80BDF744231] [SPRF][03.04.2009] (.Husdawg, LLC - System Requirements Lab.) -- C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll [354608] ~ Files: Scanned in 00mn 01s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "{41387209-EBCA-4654-B413-2C12E3ACA0FC}" | In - Domain - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "{DBB4E537-B4D7-4A07-9D91-A4F1456C6929}" | In - Domain - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "{D9B40A94-4646-4FFC-9847-9B407BC2F57D}" | In - Private - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) 
-- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "{14823AED-626F-492A-9D64-4CA5EF59D986}" | In - Private - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "{3D920384-20A0-4AA8-B7B7-2E4919F6723E}" | In - None - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "TCP Query User{D7DFB1FC-7EF0-4F1A-9436-209A7224C2B5}C:\users\fits\appdata\local\temp\rar$ex60.656\redsn0w_win_0.9.9b9d\redsn0w.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\fits\appdata\local\temp\rar$ex60.656\redsn0w_win_0.9.9b9d\redsn0w.exe (.not file.) O87 - FAEL: "UDP Query User{B8B6B66C-7FCC-4B85-81E7-323A476D5675}C:\users\fits\appdata\local\temp\rar$ex60.656\redsn0w_win_0.9.9b9d\redsn0w.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\fits\appdata\local\temp\rar$ex60.656\redsn0w_win_0.9.9b9d\redsn0w.exe (.not file.) O87 - FAEL: "TCP Query User{4A883308-E626-4B71-B84B-8E2AB330E35B}C:\users\fits\appdata\local\temp\rar$ex61.768\redsn0w_win_0.9.9b9d\redsn0w.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\fits\appdata\local\temp\rar$ex61.768\redsn0w_win_0.9.9b9d\redsn0w.exe (.not file.) O87 - FAEL: "UDP Query User{8378785A-467B-4F56-8876-BBA93D89A67D}C:\users\fits\appdata\local\temp\rar$ex61.768\redsn0w_win_0.9.9b9d\redsn0w.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\fits\appdata\local\temp\rar$ex61.768\redsn0w_win_0.9.9b9d\redsn0w.exe (.not file.) O87 - FAEL: "TCP Query User{C7B4675D-0E22-40A7-BBA6-A878A362B9E1}C:\users\fits\appdata\local\temp\rar$ex89.768\redsn0w_win_0.9.9b9d\redsn0w.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\fits\appdata\local\temp\rar$ex89.768\redsn0w_win_0.9.9b9d\redsn0w.exe (.not file.) O87 - FAEL: "UDP Query User{85D2558D-E16B-43EC-91E0-22B579ACAD62}C:\users\fits\appdata\local\temp\rar$ex89.768\redsn0w_win_0.9.9b9d\redsn0w.exe" |In - Public - P17 - TRUE | .(...) 
-- C:\users\fits\appdata\local\temp\rar$ex89.768\redsn0w_win_0.9.9b9d\redsn0w.exe (.not file.) O87 - FAEL: "TCP Query User{D3E80F37-9B4A-41DE-B563-D501A2442943}C:\users\fits\appdata\local\temp\rar$ex25.768\redsn0w_win_0.9.9b9d\redsn0w.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\fits\appdata\local\temp\rar$ex25.768\redsn0w_win_0.9.9b9d\redsn0w.exe (.not file.) O87 - FAEL: "UDP Query User{7D1E8638-9D81-4D5D-98D7-EDF89054F21C}C:\users\fits\appdata\local\temp\rar$ex25.768\redsn0w_win_0.9.9b9d\redsn0w.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\fits\appdata\local\temp\rar$ex25.768\redsn0w_win_0.9.9b9d\redsn0w.exe (.not file.) O87 - FAEL: "TCP Query User{BC0FC2FC-0E0B-4BEB-B1CD-E3C672D96E73}C:\users\fits\appdata\local\temp\rar$ex03.472\redsn0w_win_0.9.9b9d\redsn0w.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\fits\appdata\local\temp\rar$ex03.472\redsn0w_win_0.9.9b9d\redsn0w.exe (.not file.) O87 - FAEL: "UDP Query User{5C450FF3-216D-4571-BAF7-36427CE5A70E}C:\users\fits\appdata\local\temp\rar$ex03.472\redsn0w_win_0.9.9b9d\redsn0w.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\fits\appdata\local\temp\rar$ex03.472\redsn0w_win_0.9.9b9d\redsn0w.exe (.not file.) O87 - FAEL: "TCP Query User{71A39C5E-986B-460C-B5CF-B61F971C5427}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe O87 - FAEL: "UDP Query User{364F4549-3556-480D-8A5D-A3886D42873E}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe O87 - FAEL: "TCP Query User{4D09101D-D3D4-41FC-951F-F5D5648AB586}C:\program files (x86)\utorrent\utorrent.exe" | In - Private - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) 
-- C:\program files (x86)\utorrent\utorrent.exe O87 - FAEL: "UDP Query User{246C78FD-F0ED-4328-9C81-46B9FD7FC6C9}C:\program files (x86)\utorrent\utorrent.exe" | In - Private - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe ~ Firewall: 248 Legitimates Filtered in 00mn 01s ---\\ Scan Additionnel (O88) Database Version : v2.11570 - (17.04.2013) Clés trouvées (Keys found) : 23 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 8 Fichiers trouvés (Files found) : 1 [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D6533F74-218B-41BE-9D91-5BD471FECFFD}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib] =>Toolbar.Conduit [HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD] =>Toolbar.Agent [HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD] =>Toolbar.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD] =>Toolbar.Agent [HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\Softonic] =>Toolbar.Conduit [HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit [HKCU\Software\AppDataLow\Software\uTorrentBar_FR] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\uTorrentBar_FR] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}] =>Toolbar.Agent 
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_FR Toolbar] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Wow6432Node\Microsoft\Tracing\Setup_RASAPI32] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Tracing\Setup_RASMANCS] =>Toolbar.Conduit [HKLM\Software\Classes\Toolbar.CT2851639] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Toolbar.CT2851639] =>Toolbar.Conduit C:\Program Files (x86)\Conduit =>Toolbar.Conduit C:\Program Files (x86)\uTorrentBar_FR =>Toolbar.Conduit C:\ProgramData\Partner =>Spyware.Partner C:\Users\Fits\AppData\Local\Conduit =>Toolbar.Conduit C:\Users\Fits\AppData\LocalLow\Conduit =>Toolbar.Conduit C:\Users\Fits\AppData\LocalLow\PriceGong =>Adware.PriceGong C:\Users\Fits\AppData\LocalLow\uTorrentBar_FR =>Toolbar.Conduit C:\ProgramData\VirtualizedApplications =>PUP.Offerware^ C:\Users\Fits\AppData\Local\Temp\GoogleToolbarInstaller1.log =>Toolbar.Babylon ~ Additionnel: Scanned in 00mn 34s ---\\ Product Upgrade Codes (O90) O90 - PUC: "90C64EA18BA25EE488BF80DCF07F2FFD" . (.Bing Bar.) -- C:\Windows\Installer\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}\icon_installer_ico ~ Update Products: 243 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 68096 | (Adobe LM Service) . (...) - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe SS - | Demand 18.04.2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 30.11.2010 379520 | (AFBAgent) . (.ASUSTeK Computer Inc..) 
- C:\Windows\system32\FBAgent.exe SS - | Demand 17.09.2010 267480 | (Amsp) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe SR - | Auto 11.08.2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 16.06.2009 84536 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe SR - | Auto 13.03.2011 138400 | (Atheros Bt&Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe SR - | Auto 13.03.2011 74912 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe SR - | Auto 15.12.2009 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe SS - | Auto 11.06.2012 193616 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe SR - | Demand 11.06.2012 240208 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe SR - | Auto 30.08.2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SS - | Auto 18.04.2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 18.04.2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 09.05.2011 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Demand 12.12.2012 641504 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 06.10.2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SR - | Auto 01.12.2012 890216 | (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe SS - | Auto 03.12.2012 1259880 | (nvUpdatusService) . 
(.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SS - | Auto 13.07.2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Demand 29.03.2013 543656 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe SR - | Auto 17.09.2010 241488 | (TiMiniService) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\Titanium\TiMiniService.exe SS - | Demand 30.11.2010 149504 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe SR - | Auto 06.10.2010 2655768 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe SS - | Demand 14.07.2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe SR - | Auto 14.07.2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 01s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by Fits at 18.04.2013 22:17:21 device: opened successfully user: error reading MBR Disk trace: error: Read Descripteur non valide kernel: error reading MBR ~ MBR: 9 Legitimates Filtered in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Fits at 18.04.2013 22:17:23 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ~ 1828 Legitimates filtered by white list End of the scan (777 lines in 03mn 49s)(2)