Rapport de ZHPDiag v2013.4.19.112 par Nicolas Coolman, Update du 19/04/2013
Run by stéphanie at 20/04/2013 10:46:51
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC :

---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 20.0.1
GCIE: Google Chrome v26.0.1410.64 (Defaut)
OBIE: Safari v5.34.57.2

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ System Protection
Avira AntiVir Personal - Free Antivirus v10.2.0.167
Malwarebytes Anti-Malware version 1.62.0.1300
SUPERAntiSpyware Free Edition v4.30.0.1004

---\\ System Optimizer
CCleaner v3.17

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 17

---\\ System Information
~ Processor: x86 Family 15 Model 6 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 3069 MB (72% free)
System Restore: Activé (Enable)
System drive C: has 22 GB (19%) free of 113 GB

---\\ Logged in mode
~ Computer Name: PC-DE-STÉPHANIE
~ User Name: stéphanie
~ All Users Names: stéphanie, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\stéphanie\AppData\Roaming\
~ %Desktop% : C:\Users\stéphanie\Desktop\
~ %Favorites% : C:\Users\stéphanie\Favorites\
~ %LocalAppData% : C:\Users\stéphanie\AppData\Local\
~ %StartMenu% : C:\Users\stéphanie\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 22 Go of 113 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 3 Go of 113 Go)
E:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not
Inserted) I:\ Floppy drive, Flash card reader, USB Key (Not Inserted) J:\ Floppy drive, Flash card reader, USB Key (Not Inserted) K:\ CD-ROM drive (Free 0 Go of 0 Go) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592] [MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\Windows\System32\Wininit.exe [96768] [MD5.C5B6468422DB1C8AA36C32CBB0197E5E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2013 - 04:38:00.) -- C:\Windows\System32\wininet.dll [1129472] [MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) 
-- C:\Windows\System32\Winlogon.exe [314368] [MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408] [MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944] [MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144] [MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072] [MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264] [MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152] [MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784] [MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864] [MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496] [MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856] [MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) 
-- C:\Windows\system32\Drivers\ntfs.sys [1082232] [MD5.8A79FDF04A73428597E2CAF9D0D67850] - (.Microsoft Corporation - Pilote de port parallèle.) (.19/01/2008 - 06:49:33.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288] [MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688] [MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560] [MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192] [MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640] ~ Generic Processes: Scanned in 00mn 02s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/4 ~ Mes musiques (My Musics) : 63/87 ~ Mes Videos (My Videos) : 1/42 ~ Mes Favoris (My Favorites) : 3/305 ~ Mes Documents (My Documents) : 3/2263 ~ Mon Bureau (My Desktop) : 1/18 ~ Menu demarrer (Programs) : 1/52 ~ Hidden Files: Scanned in 00mn 18s ---\\ Processus lancés [MD5.4E9592BB2C100E571F82640E59E9ECD5] - (.Google Inc. - Google Chrome.) -- C:\Users\stéphanie\AppData\Local\Google\Chrome\Application\chrome.exe [1312720] [PID.1452] [MD5.774CD0E47EB7CB97A225AD120CD85CFD] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6879744] [PID.1248] [MD5.5DAF7081A4BB112FA3F1915819330A3E] - (...) 
-- C:\Program Files\ZHPDiag\pv.exe [61440] [PID.0] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\stéphanie\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [User Data\Default] None ~ Google Browser: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\stéphanie\AppData\Roaming\Mozilla\Firefox\Profiles\k0u2daf0.default\prefs.js M3 - MFPP: Plugins - [stéphanie] -- C:\Users\stéphanie\AppData\Roaming\Mozilla\Firefox\Profiles\k0u2daf0.default\searchplugins\delta.xml M3 - MFPP: Plugins - [stéphanie] -- C:\Users\stéphanie\AppData\Roaming\Mozilla\Firefox\Profiles\k0u2daf0.default\searchplugins\YouGoo.xml M3 - MFPP: Plugins - [stéphanie] -- C:\Program Files\Mozilla FireFox\searchplugins\Web Search.xml M0 - MFSP: prefs.js [stéphanie - k0u2daf0.default] about:home M2 - MFEP: prefs.js [stéphanie - k0u2daf0.default\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}] [dwhelper] DownloadHelper v4.9.14 (..) P2 - FPN:Firefox Plugin Navigator . (.The OpenSSL Project, http://www.openssl.org - OpenSSL Shared Library.) -- C:\Program Files\Mozilla Firefox\Plugins\libdivx.dll P2 - FPN:Firefox Plugin Navigator . (.BitComet - BitCometAgent for Firefox.) -- C:\Program Files\Mozilla Firefox\Plugins\npBitCometAgent.dll P2 - FPN:Firefox Plugin Navigator . (.DivX,Inc. - DivX Web Player version 1.5.0.52.) -- C:\Program Files\Mozilla Firefox\Plugins\npdivx32.dll P2 - FPN:Firefox Plugin Navigator . (.DivX, Inc - npdivxplayerplugin.) -- C:\Program Files\Mozilla Firefox\Plugins\npDivxPlayerPlugin.dll P2 - FPN:Firefox Plugin Navigator . (.The OpenSSL Project, http://www.openssl.org - OpenSSL Shared Library.) -- C:\Program Files\Mozilla Firefox\Plugins\ssldivx.dll P2 - FPN: [HKLM] [@bittorrent.com/BitTorrentDNA] - (.BitTorrent, Inc. - Delivery Network Acceleration by BitTorrent™.) 
-- C:\Program Files\DNA\plugins\npbtdna.dll P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX,Inc. - DivX Web Player version 1.5.0.52.) -- C:\Program Files\DivX\DivX Web Player\npdivx32.dll P2 - FPN: [HKLM] [@divx.com/DivX Player Plugin,version=1.0.0] - (.DivX, Inc - npdivxplayerplugin.) -- C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll ~ Firefox Browser: 60 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com =>Toolbar.Babylon R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.) R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2 ~ IE Browser: 13 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local; R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ 
Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 20 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Acer eDataSecurity Management - [HKLM]{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} . (.HiTRUST - eDStoolbar Module.) -- C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Mirar - [HKLM]{7C523BE6-3EB3-4FD5-87D1-FC95E65AA763} . (...) -- (.not file.) O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe O4 - HKLM\..\Run: [eDataSecurity Loader] . (.HiTRUST - eDataSecurity System Loader( Load and prepa.) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [WarReg_PopUp] . (.Acer Inc. - WR_PopUp.) -- C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [BigDogPath] . (.BIGDOG - BIGDOG.) -- C:\Windows\VM_STI.exe O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] . (...) -- C:\Windows\system32\SysMonitor.exe O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) 
-- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe O4 - HKLM\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [EPSON SX410 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.exe O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\stéphanie\AppData\Local\Google\Update\GoogleUpdate.exe O4 - HKCU\..\Run: [Win Startup Manager] . (.Microsoft Corporation - Microsoft® Resource File To COFF Object Con.) -- C:\Users\stéphanie\AppData\Roaming\Windows NT\recovery.exe O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\stéphanie\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [KiesHelper] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\KiesHelper.exe O4 - HKCU\..\Run: [KiesPDLR] . (.Pas de propriétaire - KiesPDLR.) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) 
-- C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\stéphanie\AppData\Roaming\Spotify\Spotify.exe O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll O4 - HKUS\S-1-5-21-2555148778-847838647-376290905-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-21-2555148778-847838647-376290905-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-21-2555148778-847838647-376290905-1000\..\Run: [EPSON SX410 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.exe O4 - HKUS\S-1-5-21-2555148778-847838647-376290905-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\stéphanie\AppData\Local\Google\Update\GoogleUpdate.exe O4 - HKUS\S-1-5-21-2555148778-847838647-376290905-1000\..\Run: [Win Startup Manager] . (.Microsoft Corporation - Microsoft® Resource File To COFF Object Con.) -- C:\Users\stéphanie\AppData\Roaming\Windows NT\recovery.exe O4 - HKUS\S-1-5-21-2555148778-847838647-376290905-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\stéphanie\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKUS\S-1-5-21-2555148778-847838647-376290905-1000\..\Run: [KiesHelper] . (.Samsung - Kies.) 
-- C:\Program Files\Samsung\Kies\KiesHelper.exe O4 - HKUS\S-1-5-21-2555148778-847838647-376290905-1000\..\Run: [KiesPDLR] . (.Pas de propriétaire - KiesPDLR.) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKUS\S-1-5-21-2555148778-847838647-376290905-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - HKUS\S-1-5-21-2555148778-847838647-376290905-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-21-2555148778-847838647-376290905-1000\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\stéphanie\AppData\Roaming\Spotify\Spotify.exe ~ Application: Scanned in 00mn 01s ---\\ Autres liens utilisateurs (O4) O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Programs: Spotify.lnk . (.Spotify Ltd - Spotify.) -- C:\Users\stéphanie\AppData\Roaming\Spotify\spotify.exe O4 - GS\Programs: TeamViewer 7.lnk . (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Users\stéphanie\temp\TeamViewer\Version7\TeamViewer.exe O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - GS\QuickLaunch: Advanced WindowsCare V2 Personal.lnk . (.IObit - Advanced WindowsCare V2 Personal.) -- C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe O4 - GS\QuickLaunch: Apple Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe O4 - GS\QuickLaunch: BitTorrent.lnk . (.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files\BitTorrent\bittorrent.exe O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. 
- Google Chrome.) -- C:\Users\stéphanie\AppData\Local\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch: Horaires de Trains.lnk - Clé orpheline O4 - GS\QuickLaunch: InfraRecorder.lnk . (.Christian Kindahl - InfraRecorder.) -- C:\Program Files\InfraRecorder\infrarecorder.exe O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\QuickLaunch: Mozilla Thunderbird.lnk . (.Mozilla Corporation - Thunderbird.) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe O4 - GS\QuickLaunch: MP3 Rocket 6.3.2.lnk . (...) -- C:\Program Files\MP3 Rocket\MP3Rocket.exe O4 - GS\QuickLaunch: Samsung Kies.lnk . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe O4 - GS\QuickLaunch: Vos Démarches Administratives.lnk - Clé orpheline O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - GS\QuickLaunch: XML Marker.lnk . (...) -- C:\Program Files\XML Marker\xmlmarker.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SendTo: XML Marker.lnk . (...) -- C:\Program Files\XML Marker\xmlmarker.exe O4 - GS\Desktop: Assistance Livebox.lnk . (...) -- C:\Program Files\Orange\Assistance Livebox\AssistanceLivebox.exe O4 - Global Startup: C:\Users\stéphanie\Desktop\Contrôle parental.url . (...) -- C:\Users\stéphanie\Desktop\Contrôle parental.url O4 - GS\Desktop: EasyCleaner.lnk . (.ToniArts - EasyCleaner executable.) -- C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) 
-- C:\Users\stéphanie\AppData\Local\Google\Chrome\Application\chrome.exe O4 - GS\Desktop: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.) -- C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe O4 - GS\Desktop: Spotify.lnk . (.Spotify Ltd - Spotify.) -- C:\Users\stéphanie\AppData\Roaming\Spotify\spotify.exe O4 - GS\Desktop: TeamViewer 7.lnk . (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Users\stéphanie\temp\TeamViewer\Version7\TeamViewer.exe O4 - GS\Desktop: TornTV.lnk . (.TornTVApp - TornTVApp.) -- C:\Program Files\TornTV.com\TornTV.exe =>Hijacker.TornTV O4 - GS\Desktop: TreeSize Free.lnk . (.JAM Software - TreeSize Free hard disk space manager.) -- C:\Program Files\JAM Software\TreeSize Free\TreeSizeFree.exe O4 - GS\Desktop: Video Downloader.lnk . (...) -- C:\Program Files\vGrabber-software\VideoDownloader.exe O4 - GS\Desktop: WBFS Manager 3.0.lnk . (...) -- C:\Program Files\WBFS\WBFS Manager 3.0\WBFSManager.exe O4 - GS\Desktop: Windows Photo Gallery.lnk . (.Microsoft Corporation - Galerie de photos Windows.) -- C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe O4 - GS\Desktop: Wondershare Streaming Audio Recorder.lnk . (...) -- C:\Program Files\Wondershare\Streaming Audio Recorder\StreamingAudioRecorder.exe O4 - GS\Desktop: XML Marker.lnk . (...) -- C:\Program Files\XML Marker\xmlmarker.exe ~ Global Startup: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) 
-- C:\Program Files\Windows Live\Companion\companionres.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} -- Clé orpheline O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} -- Clé orpheline O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Messenger.) -- C:\Program Files\Messenger\MSMSGS.exe ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ((no name)) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{33417D56-5BD1-4033-BD59-4783FF91B01D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{33417D56-5BD1-4033-BD59-4783FF91B01D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{33417D56-5BD1-4033-BD59-4783FF91B01D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . 
(.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: !SASWinLogon . (.SUPERAntiSpyware.com - SUPERAntiSpyware WinLogon Processor.) -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll ~ STS/SSO: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Capture Device Service (Capture Device Service) . (.InterVideo Inc. - Capture Device Service.) - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: eRecovery Service (eRecoveryService) . (.Acer Inc. - eRecoveryService.) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) . (.Pas de propriétaire - RichVideo Module.) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ~ Services: 15 Legitimates Filtered in 00mn 06s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\PCConfidential.job [416] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RegClean Pro_DEFAULT.job [272] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RegClean Pro_UPDATES.job [280] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\rpc.job [386] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SLOW-PCfighter-stéphanie-Startup.job [364] ~ Scheduled Task: 11 Legitimates Filtered in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: BitTorrent - (.BitTorrent, Inc.) [HKCU] -- BitTorrent O42 - Logiciel: BitTorrent - (.BitTorrent, Inc.) 
[HKLM] -- BitTorrent O42 - Logiciel: Contextual Tool Extrafind - (...) [HKLM] -- 9fc1711b O42 - Logiciel: Favorit (oxhox) - (...) [HKLM] -- oxhox O42 - Logiciel: Filters Unlimited 2.0 - (...) [HKLM] -- Filters Unlimited_is1 O42 - Logiciel: Free Stuff version 1.5 - (...) [HKLM] -- {7E1B484F-C15A-48C2-BF42-450310E39165}_is1 O42 - Logiciel: Images&Search Ver.1 - (.Images&Search.) [HKLM] -- {7E6A94FF-8260-4D3D-8D27-BC057BE50399}_is1 O42 - Logiciel: MP3 Rocket - (...) [HKLM] -- MP3 Rocket O42 - Logiciel: Mirar - (...) [HKLM] -- {7C523BE6-3EB3-4FD5-87D1-FC95E65AA763} O42 - Logiciel: RegClean Pro - (.Systweak Inc.) [HKLM] -- RegClean Pro_is1 O42 - Logiciel: STK014_V2.01 - (...) [HKLM] -- {E7C401C6-B490-4C92-9E6D-F6A862A27B65} O42 - Logiciel: SmartGlobe(TM) 3, V3.13.116001 - (.Oregon Scientific.) [HKLM] -- Oregon Scientific SmartGlobe(TM) 3_is1 O42 - Logiciel: TViX NetShare 2.10 - (.DVICO.) [HKLM] -- {8409B1FB-9B55-452A-8CDC-4AE9D0F97FB4} O42 - Logiciel: Trellian Button Factory - (...) [HKLM] -- Trellian Button Factory O42 - Logiciel: XML Marker version 1.1 - (.Symbol Click.) 
[HKLM] -- XML Marker_is1 ~ Logic: 157 Legitimates Filtered in 00mn 01s ---\\ HKCU & HKLM Software Keys [HKCU\Software\Anfy Team] [HKCU\Software\AppDataLow\IE7Pro] [HKCU\Software\AppDataLow\IEPro] [HKCU\Software\AppDataLow\Software\AskSBar] [HKCU\Software\AppDataLow\Software\Screensavers.com] [HKCU\Software\BI] [HKCU\Software\BitComet] [HKCU\Software\Bot Productions] [HKCU\Software\ContextEnhancer] [HKCU\Software\DownloadMR] [HKCU\Software\Fb_hack] [HKCU\Software\FunkyEmoticons] [HKCU\Software\GoforFiles] [HKCU\Software\InfraRecorder] [HKCU\Software\JetCar] [HKCU\Software\Kazaa] [HKCU\Software\LetsTunes] [HKCU\Software\Live-Player] [HKCU\Software\MGS] [HKCU\Software\MicroGaming] [HKCU\Software\Oregon Scientific] [HKCU\Software\Photocite] [HKCU\Software\Rentabiliweb] [HKCU\Software\Serif] [HKCU\Software\StudioV5] [HKCU\Software\SweetIM] =>PUP.SweetIM [HKCU\Software\Symbol Click] [HKCU\Software\TViX] [HKCU\Software\Vista-Buttons] [HKCU\Software\WebAnim] [HKCU\Software\ZONEJEUX] [HKCU\Software\delta LTD] [HKCU\Software\eMule] [HKCU\Software\iPhotoSoft] [HKLM\Software\AskSBar] [HKLM\Software\BSmax ScripT] [HKLM\Software\DVICO] [HKLM\Software\Deckard] [HKLM\Software\FunkyEmoticons] [HKLM\Software\GoforFiles] [HKLM\Software\IEPro] [HKLM\Software\InstallationKit] [HKLM\Software\LetsTunes] [HKLM\Software\LimeWire] [HKLM\Software\Live-Player] [HKLM\Software\NetDragon] [HKLM\Software\Photocite] [HKLM\Software\STK014] [HKLM\Software\Serif] [HKLM\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\Syntek] [HKLM\Software\TRELLIAN] [HKLM\Software\WCM] [HKLM\Software\WebAnim Gif] [HKLM\Software\Winferno] [HKLM\Software\Winsudate] [HKLM\Software\iPhotoSoft] ~ Key Software: 358 Legitimates Filtered in 00mn 01s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 23/12/2008 - 12:32:19 - [0] ----D C:\Program Files\B4Playing O43 - CFD: 29/07/2007 - 16:22:25 - [0,668] ----D C:\Program Files\BearShare Applications =>PUP.BearShare O43 - CFD: 09/02/2013 - 
15:32:41 - [1,060] ----D C:\Program Files\BitTorrent O43 - CFD: 09/02/2013 - 15:06:42 - [119,360] ----D C:\Program Files\CityVilleBot O43 - CFD: 25/11/2010 - 16:02:05 - [0] ----D C:\Program Files\CopyRightLeft O43 - CFD: 10/01/2009 - 23:45:41 - [0,403] ----D C:\Program Files\DNA O43 - CFD: 25/03/2009 - 22:07:44 - [1,063] ----D C:\Program Files\DVICO O43 - CFD: 01/04/2012 - 22:27:48 - [0,684] ----D C:\Program Files\Free Stuff O43 - CFD: 04/01/2008 - 11:58:50 - [0] ----D C:\Program Files\IE7Pro O43 - CFD: 25/08/2010 - 10:32:34 - [0,679] ----D C:\Program Files\ImagesSearch O43 - CFD: 15/08/2007 - 15:07:04 - [0,000] ----D C:\Program Files\Impression Grand Format O43 - CFD: 06/08/2011 - 18:00:48 - [13,329] ----D C:\Program Files\InfraRecorder O43 - CFD: 02/11/2007 - 22:56:49 - [9,816] ----D C:\Program Files\KSS O43 - CFD: 10/01/2011 - 13:56:05 - [28,034] ----D C:\Program Files\LetsTunes O43 - CFD: 26/02/2013 - 00:27:35 - [33,772] ----D C:\Program Files\MP3 Rocket O43 - CFD: 26/02/2013 - 00:26:27 - [0,298] ----D C:\Program Files\MP3 Rocket Downloader O43 - CFD: 02/10/2008 - 16:38:40 - [0,000] ----D C:\Program Files\Navilog1 O43 - CFD: 17/01/2011 - 10:32:05 - [2,291] ----D C:\Program Files\NetDragon O43 - CFD: 25/12/2011 - 22:41:23 - [4,735] ----D C:\Program Files\Oregon Scientific O43 - CFD: 15/04/2012 - 17:11:35 - [14,723] ----D C:\Program Files\RegClean Pro O43 - CFD: 16/02/2008 - 22:24:42 - [0] ----D C:\Program Files\Serif O43 - CFD: 08/09/2012 - 23:01:26 - [0,426] ----D C:\Program Files\STK014_V2.01 O43 - CFD: 22/07/2007 - 16:10:26 - [0] ----D C:\Program Files\SunXi O43 - CFD: 09/02/2013 - 00:37:22 - [0,844] ----D C:\Program Files\TornTV.com =>Hijacker.TornTV O43 - CFD: 22/07/2007 - 16:08:05 - [6,427] ----D C:\Program Files\TRELLIAN O43 - CFD: 09/07/2009 - 17:13:22 - [0,048] ----D C:\Program Files\Winletmin O43 - CFD: 26/01/2011 - 23:20:09 - [1,478] ----D C:\Program Files\XML Marker O43 - CFD: 17/01/2011 - 10:36:35 - [0,177] ----D C:\Program Files\Common 
Files\NetDragon O43 - CFD: 19/07/2010 - 19:35:23 - [7,413] ----D C:\ProgramData\Artweaver O43 - CFD: 19/07/2010 - 19:35:23 - [0,532] ----D C:\Users\stéphanie\AppData\Roaming\Artweaver O43 - CFD: 29/07/2007 - 16:22:27 - [11,466] ----D C:\Users\stéphanie\AppData\Roaming\BearShare =>PUP.BearShare O43 - CFD: 04/04/2013 - 00:28:23 - [1,483] ----D C:\Users\stéphanie\AppData\Roaming\BitTorrent O43 - CFD: 15/04/2012 - 14:05:57 - [0,007] ----D C:\Users\stéphanie\AppData\Roaming\Charles O43 - CFD: 04/08/2009 - 14:42:25 - [0] ----D C:\Users\stéphanie\AppData\Roaming\FunkyEmoticons O43 - CFD: 16/10/2012 - 20:27:12 - [0,004] ----D C:\Users\stéphanie\AppData\Roaming\GoforFiles O43 - CFD: 06/08/2011 - 18:01:00 - [0,082] ----D C:\Users\stéphanie\AppData\Roaming\InfraRecorder O43 - CFD: 10/01/2011 - 13:56:44 - [0,001] ----D C:\Users\stéphanie\AppData\Roaming\letstunes O43 - CFD: 17/06/2008 - 15:56:28 - [0,000] ----D C:\Users\stéphanie\AppData\Roaming\LogoMaker O43 - CFD: 15/04/2012 - 14:05:59 - [0,027] ----D C:\Users\stéphanie\AppData\Roaming\MiniDm O43 - CFD: 14/04/2013 - 19:14:36 - [2,393] ----D C:\Users\stéphanie\AppData\Roaming\MP3Rocket O43 - CFD: 01/07/2007 - 18:46:03 - [0,001] ----D C:\Users\stéphanie\AppData\Roaming\Quiz Press prefs O43 - CFD: 13/04/2012 - 22:08:44 - [0] ----D C:\Users\stéphanie\AppData\Roaming\system32 O43 - CFD: 09/01/2008 - 22:02:23 - [0] ----D C:\Users\stéphanie\AppData\Local\ColorPlaza O43 - CFD: 30/05/2007 - 22:24:47 - [0] ----D C:\Users\stéphanie\AppData\Local\Fastlab Print Service O43 - CFD: 27/05/2007 - 16:23:24 - [1008,776] ----D C:\Users\stéphanie\AppData\Local\IM O43 - CFD: 17/01/2011 - 10:36:27 - [1,329] ----D C:\Users\stéphanie\AppData\Local\NetDragon O43 - CFD: 06/03/2009 - 00:25:45 - [0] ----D C:\Users\stéphanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitComet O43 - CFD: 09/01/2009 - 11:40:14 - [0] ----D C:\Users\stéphanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Groom Toox O43 - CFD: 11/05/2008 - 22:39:08 - [0] 
----D C:\Users\stéphanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LimeWire O43 - CFD: 03/12/2012 - 13:30:01 - [0,002] ----D C:\Users\stéphanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com =>Hijacker.TornTV ~ 1230 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 1726 Legitimates Filtered in 01mn 30s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.EBBD702D9CE34B50A43FB707FA11006A] - 20/04/2013 - 09:40:32 ---A- . (...) -- C:\Windows\ntbtlog.txt [509840] O44 - LFC:[MD5.6123AEBD8CE983BEA7CDCBF7471BC97B] - 20/04/2013 - 09:34:22 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [5152] O44 - LFC:[MD5.6123AEBD8CE983BEA7CDCBF7471BC97B] - 20/04/2013 - 09:34:22 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [5152] ~ Files: 41 Legitimates Filtered in 00mn 08s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.933F454CA9A2EC739E7B3D6BA8C3A2EF] - 19/04/2013 - 11:59:08 ---A- - C:\Windows\Prefetch\WLSETTINGS.EXE-4DBF79AB.pf O45 - LFCP:[MD5.05CB24197061A23831C47D5A46EA95EC] - 19/04/2013 - 17:52:18 ---A- - C:\Windows\Prefetch\SPOTIFYSETUP (1).EXE-DA2E7824.pf O45 - LFCP:[MD5.18173DC0ECF5D9BD0AF15960664010E1] - 19/04/2013 - 17:52:26 ---A- - C:\Windows\Prefetch\SPWEBINST0.EXE-68A2C407.pf O45 - LFCP:[MD5.E3DF848030FDBDF31F634564250B3BFC] - 19/04/2013 - 17:52:37 ---A- - C:\Windows\Prefetch\SPOTIFY.EXE-C41E70F2.pf O45 - LFCP:[MD5.D9F54C9F1FD10A38525BE1B853536FC2] - 20/04/2013 - 09:32:18 ---A- - C:\Windows\Prefetch\NSF154.TMP-043014B5.pf O45 - LFCP:[MD5.F5833F4A4FE97367F55A97BD08DF932B] - 20/04/2013 - 09:35:19 ---A- - C:\Windows\Prefetch\EDSLOADER.EXE-365CA171.pf ~ Prefetcher: 73 Legitimates Filtered in 00mn 00s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Export de clé d'application autorisée (O47) O47 - AAKE:Key Export SP - "C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" [Enabled] .(.Acer Inc..) -- C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe O47 - AAKE:Key Export SP - "C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" [Enabled] .(.HiTRUST.) -- C:\Acer\Empowering Technology\eDataSecurity\encryption.exe O47 - AAKE:Key Export SP - "C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" [Enabled] .(.HiTRUST.) -- C:\Acer\Empowering Technology\eDataSecurity\decryption.exe O47 - AAKE:Key Export SP - "C:\Program Files\IEPro\MiniDM.exe" [Enabled] .(...) -- C:\Program Files\IEPro\MiniDM.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\BitTorrent\bittorrent.exe" [Enabled] .(.BitTorrent, Inc..) -- C:\Program Files\BitTorrent\bittorrent.exe O47 - AAKE:Key Export SP - "C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe" [Enabled] .(...) -- C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe (.not file.) ~ Keys Export: 6 Legitimates Filtered in 00mn 00s ---\\ MountPoints2 Shell Key (O51) O51 - MPSK:{c7ecd60e-c6c1-11e1-8cd2-0019db5de69d}\AutoRun\command. (...) -- F:\iStudio.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ ShareTools MSconfig StartupReg (O53) O53 - SMSR:HKLM\...\startupreg\BitTorrent DNA [Key] . (...) -- C:\Users\stéphanie\Program Files\DNA\btdna.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\Pokki [Key] . (...) -- C:\Users\stéphanie\AppData\Local\Pokki\v0.260.8.396\pokki.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\TViXNetShare [Key] . (.DVICO - Pas de description.) 
-- C:\Program Files\DVICO\TViXNetShare\TViXNetShare.exe ~ SMSR Keys: 9 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "HideLegacyLogonScripts"=0 O55 - MWPS:[HKLM\...\Policies\System] - "HideLogoffScripts"=0 O55 - MWPS:[HKLM\...\Policies\System] - "RunLogonScriptSync"=1 O55 - MWPS:[HKLM\...\Policies\System] - "RunStartupScriptSync"=1 O55 - MWPS:[HKLM\...\Policies\System] - "HideStartupScripts"=0 O55 - MWPS:[HKCU\...\Policies\System] - "HideLegacyLogonScripts"=0 O55 - MWPS:[HKCU\...\Policies\System] - "HideLogoffScripts"=0 O55 - MWPS:[HKCU\...\Policies\System] - "RunLogonScriptSync"=1 O55 - MWPS:[HKCU\...\Policies\System] - "RunStartupScriptSync"=1 O55 - MWPS:[HKCU\...\Policies\System] - "HideStartupScripts"=0 ~ MWPS: 26 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.D079068B720258EA3D0653ECAC2F9874] - 28/12/2006 - 14:50:26 ---A- . (.Sonix Technology Co., Ltd. - Driver for 9KD ICE Writer.) -- C:\Windows\System32\Drivers\9kdUSBXP.sys [16000] O58 - SDL:[MD5.D6634E1ACC801363FD0A998FF1B3CADD] - 10/12/2007 - 22:00:02 RSH-- . (...) 
-- C:\Windows\System32\11F34CC2E2.sys [56] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 17/04/2013 - 18:22:14 ---A- C:\Users\stéphanie\Searches\Downloads\HousecallLauncher.exe [2002424] O61 - LFC: 17/04/2013 - 18:36:37 ---A- C:\Users\stéphanie\AppData\Local\ars.cache [246542] O61 - LFC: 17/04/2013 - 18:36:41 ---A- C:\Users\stéphanie\AppData\Local\census.cache [254242] O61 - LFC: 17/04/2013 - 21:07:30 ---A- C:\Users\stéphanie\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000007.rmx [122] O61 - LFC: 17/04/2013 - 21:07:30 ---A- C:\Users\stéphanie\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000007.rxb [7381] O61 - LFC: 18/04/2013 - 11:33:13 ---A- C:\Users\stéphanie\Documents\img014.jpg [1361332] O61 - LFC: 18/04/2013 - 11:36:31 ---A- C:\Users\stéphanie\Documents\dossier c\Scan0003.tif [1089480] O61 - LFC: 18/04/2013 - 11:36:36 ---A- C:\Users\stéphanie\Documents\dossier c\Scan0005.tif [1079348] O61 - LFC: 18/04/2013 - 11:43:22 ---A- C:\Users\stéphanie\Documents\dossier c\1.jpg [87536] O61 - LFC: 19/04/2013 - 14:01:11 ---A- C:\Users\stéphanie\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\ExcludeList.rcp [390] O61 - LFC: 19/04/2013 - 14:01:11 ---A- C:\Users\stéphanie\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\French_rcp.dat [56644] O61 - LFC: 19/04/2013 - 14:01:11 ---A- C:\Users\stéphanie\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\TempHLList.rcp [2448] O61 - LFC: 19/04/2013 - 14:01:11 ---A- C:\Users\stéphanie\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\results.rcp [60] O61 - LFC: 19/04/2013 - 21:49:29 ---A- C:\Users\stéphanie\AppData\Roaming\Intelli-studio\upload_history.xml [79] O61 - LFC: 19/04/2013 - 22:02:59 ---A- C:\Users\stéphanie\Videos\SAM_2093_Converted.wmv [322558714] O61 - LFC: 19/04/2013 - 22:03:08 ---A- C:\Users\stéphanie\AppData\Roaming\Intelli-studio\File_v20_5.db [10779648] O61 - LFC: 19/04/2013 - 22:03:09 ---A- 
C:\Users\stéphanie\AppData\Roaming\Intelli-studio\Folder_v20_5.db [262144] O61 - LFC: 20/04/2013 - 09:46:47 ---A- C:\Users\stéphanie\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [268698] O61 - LFC: 20/04/2013 - 09:47:06 ---A- C:\Users\stéphanie\AppData\Local\Google\Chrome\User Data\Local State [38077] ~ 60 Fichiers temporaires (Temporary files) ~ 3 Fichiers cookies (Cookies files) ~ Files: 823 Legitimates Filtered in 00mn 42s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 O63 - Logiciel: RSIT - (.random/random.) O63 - Logiciel: Toolbar SD - (.IDN Team.) ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 11/11/2009 - C:\Program Files\SUPERAntiSpyware\SASDIFSV.sys (SASDIFSV) .(.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASDIFSV.SYS.) - LEGACY_SASDIFSV O64 - Services: CurCS - 11/11/2009 - C:\Program Files\SUPERAntiSpyware\SASENUM.sys (SASENUM) .(. SUPERAdBlocker.com and SUPERAntiSpyware.co - SASENUM.SYS.) - LEGACY_SASENUM ~ Legacy: 94 Legitimates Filtered in 00mn 00s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.exe> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 19 Legitimates Filtered in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\stéphanie\AppData\Local\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) 
-- C:\Program Files\Safari\Safari.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: prefs.js [stéphanie - k0u2daf0.default] user_pref("extensions.delta.admin", false); O69 - SBI: prefs.js [stéphanie - k0u2daf0.default] user_pref("extensions.delta.aflt", "babsst"); O69 - SBI: prefs.js [stéphanie - k0u2daf0.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); O69 - SBI: prefs.js [stéphanie - k0u2daf0.default] user_pref("extensions.delta.autoRvrt", "false"); O69 - SBI: prefs.js [stéphanie - k0u2daf0.default] user_pref("extensions.delta.dfltLng", "en"); O69 - SBI: prefs.js [stéphanie - k0u2daf0.default] user_pref("extensions.delta.excTlbr", false); O69 - SBI: prefs.js [stéphanie - k0u2daf0.default] user_pref("extensions.delta.id", "38a54ac30000000000000019db5de69d"); O69 - SBI: prefs.js [stéphanie - k0u2daf0.default] user_pref("extensions.delta.instlDay", "15753"); O69 - SBI: prefs.js [stéphanie - k0u2daf0.default] user_pref("extensions.delta.instlRef", "sst"); O69 - SBI: prefs.js [stéphanie - k0u2daf0.default] user_pref("extensions.delta.newTab", false); O69 - SBI: prefs.js [stéphanie - k0u2daf0.default] user_pref("extensions.delta.prdct", "delta"); O69 - SBI: prefs.js [stéphanie - k0u2daf0.default] user_pref("extensions.delta.prtnrId", "delta"); O69 - SBI: prefs.js [stéphanie - k0u2daf0.default] user_pref("extensions.delta.rvrt", "false"); O69 - SBI: prefs.js [stéphanie - k0u2daf0.default] user_pref("extensions.delta.smplGrp", "none"); O69 - SBI: prefs.js [stéphanie - k0u2daf0.default] user_pref("extensions.delta.tlbrId", "base"); O69 - SBI: prefs.js [stéphanie - k0u2daf0.default] user_pref("extensions.delta.tlbrSrchUrl", ""); O69 - SBI: prefs.js [stéphanie - k0u2daf0.default] user_pref("extensions.delta.vrsn", "1.8.10.0"); O69 - SBI: prefs.js [stéphanie - k0u2daf0.default] user_pref("extensions.delta.vrsnTs", "1.8.10.020:31:35"); O69 - SBI: prefs.js [stéphanie - k0u2daf0.default] 
user_pref("extensions.delta.vrsni", "1.8.10.0"); O69 - SBI: prefs.js [stéphanie - k0u2daf0.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search"); O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {A3B0E929-3E3B-45ED-B677-79ED6AF604B2} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKUS\.DEFAULT] {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} - (Zumie Search) - http://www.zumie.com O69 - SBI: SearchScopes [HKUS\S-1-5-18] {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} - (Zumie Search) - http://www.zumie.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.D70E4E2A6E2997CCB01685733C983512] [SPRF][16/05/2009] (...) -- C:\ProgramData\E2C24CF311.sys [88] [MD5.6FF297195402145E3B4A140557AF8C00] [SPRF][16/05/2009] (...) -- C:\ProgramData\KGyGaAvL.sys [2516] [MD5.3F7F7B9F746191312CA51A77F9605B4D] [SPRF][26/09/2008] (...) -- C:\ProgramData\pswi_preloaded.exe [480848] [MD5.3B8E1A1728D91B8D4EF284608B775E98] [SPRF][15/10/2011] (...) -- C:\Users\stéphanie\AppData\Local\d3d9caps.dat [1356] [MD5.FC57B304F615B4F20C1F8E5EB68F89FB] [SPRF][07/10/2007] (...) -- C:\Users\stéphanie\AppData\Local\fusioncache.dat [97] [MD5.C96095256277FA3F9365E72908707146] [SPRF][02/02/2009] (...) -- C:\Users\stéphanie\AppData\Local\jfbetw.bat [93] [MD5.BE6B613DABC8ACD3DE8CECB7A7CE53B0] [SPRF][05/08/2009] (...) -- C:\Users\stéphanie\AppData\Local\oxhox.bat [92] [MD5.B3FDF6E7B0AECD48CA7E4921773FB606] [SPRF][09/02/2013] (...) -- C:\Users\stéphanie\AppData\Local\Temp\7z920.exe [1110476] [MD5.817E86B7C18A015223A405E79DB836E9] [SPRF][29/01/2013] (.Ask.com - AskStub Application.) -- C:\Users\stéphanie\AppData\Local\Temp\ApnStub.exe [356520] [MD5.D2537381019991C0D067EEED86D19171] [SPRF][09/02/2010] (.Ask.com - Ask Install Checker.) 
-- C:\Users\stéphanie\AppData\Local\Temp\AskInstallChecker.exe [201616] [MD5.B28C334C03CEE7C5E829C43AE75DAE5A] [SPRF][23/08/2012] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\stéphanie\AppData\Local\Temp\AskSLib.dll [248008] [MD5.11D751D299B9ABDC77BFF4156C75C4CF] [SPRF][17/02/2013] (...) -- C:\Users\stéphanie\AppData\Local\Temp\bitool.dll [38480] [MD5.3D7CDC3E67A97110321BF7453C649B1F] [SPRF][17/02/2013] (...) -- C:\Users\stéphanie\AppData\Local\Temp\DeltaTB.exe [775664] [MD5.7B96A975DECF746361A39A31E01F4BDF] [SPRF][28/06/2012] (.Ellora Assets Corporation - Freemake Video Converter Setup.) -- C:\Users\stéphanie\AppData\Local\Temp\FreemakeVideoConverter_3.0.2.15.exe [18306784] [MD5.F6278B5A16F830885B184D5F72E1B935] [SPRF][22/03/2013] (.Terra Informatica Software, Inc., British C - HTMLayout - embeddable HTML rendering and layout component.) -- C:\Users\stéphanie\AppData\Local\Temp\htmlayout.dll [947200] [MD5.9831C439ED0BD31D625A93DD86389843] [SPRF][20/04/2013] (.Pas de propriétaire - APN Install Checker Library for Java.) -- C:\Users\stéphanie\AppData\Local\Temp\JavaIC.dll [114376] [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][17/04/2013] (...) -- C:\Users\stéphanie\AppData\Local\Temp\jqkidpbo.dll [0] [MD5.F88C296A9109CF540EEDEF41E8A46E09] [SPRF][12/01/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\stéphanie\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe [896424] [MD5.F655170EB3DC3CBB3F564077C670A7E1] [SPRF][31/01/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\stéphanie\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe [897448] [MD5.5CC163324A11091C975B686EF4C52C73] [SPRF][16/02/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\stéphanie\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe [897448] [MD5.A620A735458E04AE0CF471319B6D6E7D] [SPRF][01/03/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) 
-- C:\Users\stéphanie\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe [897448] [MD5.6C137D2BEF3CDD43F3AE2FD6705B9FED] [SPRF][05/04/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\stéphanie\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe [904104] [MD5.8EC2A656042BFF1243C09FFD33F25496] [SPRF][29/08/2012] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\stéphanie\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe [894952] [MD5.EC3A1A84A0A407FE3985ED6F9A0CC436] [SPRF][27/09/2012] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\stéphanie\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe [895464] [MD5.71571DF7DBF4705F3C88222EF1B6FA79] [SPRF][20/04/2013] (.McAfee, Inc. - Partner Offer Manager Criteria Check.) -- C:\Users\stéphanie\AppData\Local\Temp\msscct32.dll [341032] [MD5.30290976476F285670AE4E83BBCB5903] [SPRF][27/11/2012] (.SweetLabs,Inc. - Pokki.) -- C:\Users\stéphanie\AppData\Local\Temp\oct2D27.tmp.exe [32581936] [MD5.BCC6E3E1F8ECC44DE3A461F00A600E36] [SPRF][07/10/2012] (.SweetLabs,Inc. - Pokki.) -- C:\Users\stéphanie\AppData\Local\Temp\oct3153.tmp.exe [31733016] [MD5.0AFE24C0DE6E49BB06DB89849FD33D36] [SPRF][16/11/2012] (.SweetLabs,Inc. - Pokki.) -- C:\Users\stéphanie\AppData\Local\Temp\oct3EEC.tmp.exe [32580480] [MD5.BCC6E3E1F8ECC44DE3A461F00A600E36] [SPRF][03/10/2012] (.SweetLabs,Inc. - Pokki.) -- C:\Users\stéphanie\AppData\Local\Temp\oct6FAE.tmp.exe [31733016] [MD5.463D5EE1F960F309F47D256694CA9BE9] [SPRF][29/11/2012] (.SweetLabs,Inc. - Pokki.) -- C:\Users\stéphanie\AppData\Local\Temp\oct7972.tmp.exe [32581144] [MD5.77BE448F28F10B71262FF213F8614A90] [SPRF][23/11/2012] (.SweetLabs,Inc. - Pokki.) -- C:\Users\stéphanie\AppData\Local\Temp\oct94FF.tmp.exe [32582048] [MD5.832CBE5428D9B63AE974BEEB188EC3D8] [SPRF][27/10/2012] (.SweetLabs,Inc. - Pokki.) -- C:\Users\stéphanie\AppData\Local\Temp\octB377.tmp.exe [32508120] [MD5.497B16C836A919E0233427A6146FC251] [SPRF][22/11/2012] (.SweetLabs,Inc. - Pokki.) 
-- C:\Users\stéphanie\AppData\Local\Temp\octBC1E.tmp.exe [32581592] [MD5.4EF414D857F3DB4F363C4A2073BB7F5F] [SPRF][03/11/2012] (.SweetLabs,Inc. - Pokki.) -- C:\Users\stéphanie\AppData\Local\Temp\octC8BB.tmp.exe [32517688] [MD5.4EF414D857F3DB4F363C4A2073BB7F5F] [SPRF][10/11/2012] (.SweetLabs,Inc. - Pokki.) -- C:\Users\stéphanie\AppData\Local\Temp\octE273.tmp.exe [32517688] [MD5.3AC89D931C908F23CF0EA048670DBA8D] [SPRF][02/10/2012] (.SweetLabs,Inc. - Pokki.) -- C:\Users\stéphanie\AppData\Local\Temp\octECED.tmp.exe [31732648] [MD5.573617564F8E39579934924D3BB5E8F8] [SPRF][23/10/2012] (.SweetLabs,Inc. - Pokki.) -- C:\Users\stéphanie\AppData\Local\Temp\octF3B0.tmp.exe [32487624] [MD5.39DB3561990EB852EF19ED1DBDD9EE22] [SPRF][30/08/2012] (.Pokki - Pokki Installer.) -- C:\Users\stéphanie\AppData\Local\Temp\Pokki.exe [1326424] [MD5.57BC8F4F1201610668773875A4484C1E] [SPRF][31/01/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\stéphanie\AppData\Local\Temp\uninst1.exe [392784] =>Toolbar.Babylon [MD5.F6278B5A16F830885B184D5F72E1B935] [SPRF][08/12/2012] (.Terra Informatica Software, Inc., British C - HTMLayout - embeddable HTML rendering and layout component.) -- C:\Users\stéphanie\AppData\Local\Temp\uninstall13068687.exe [947200] [MD5.A55B82103A202C20717F45C201EC4553] [SPRF][16/10/2012] (.Terra Informatica Software, Inc., British C - HTMLayout - embeddable HTML rendering and layout component.) -- C:\Users\stéphanie\AppData\Local\Temp\uninstall13104785.exe [936960] [MD5.5C89E24D47562D08D9447F7BAA14338D] [SPRF][16/10/2012] (.http://goforfiles.com/ - GoforFiles Application.) -- C:\Users\stéphanie\AppData\Local\Temp\uninstall13105097.exe [904848] [MD5.C9D496AF64C56389C511B4C4E5938037] [SPRF][16/10/2012] (.http://www.goforfiles.com/ - GoforFiles.) -- C:\Users\stéphanie\AppData\Local\Temp\uninstall13105300.exe [4604560] [MD5.7810AB1CF04E012469C141ABC693D3A7] [SPRF][09/02/2013] (.Somoto Ltd. - FilesFrog Update Checker.) 
-- C:\Users\stéphanie\AppData\Local\Temp\UpdateCheckerSetup.exe [295440] =>Adware.MegaSearch [MD5.9DC1D28A2B4E57410DE20C7E59364A22] [SPRF][21/09/2012] (...) -- C:\Users\stéphanie\AppData\Local\Temp\utt1B5D.tmp.bat [98] [MD5.9DC1D28A2B4E57410DE20C7E59364A22] [SPRF][21/09/2012] (...) -- C:\Users\stéphanie\AppData\Local\Temp\utt1BCB.tmp.bat [98] [MD5.9A105C7F55B43FEFA444A94F714B5B29] [SPRF][11/07/2012] (...) -- C:\Users\stéphanie\AppData\Local\Temp\utt9E1E.tmp.bat [74] [MD5.BD6AB920E99E8AFC70D6BE086ED40F0C] [SPRF][08/01/2008] (...) -- C:\Users\stéphanie\AppData\Roaming\mdb.bin [8594] [MD5.6BECCD726B613CC43EF6D36F8FC4D9AF] [SPRF][20/01/2012] (.Microsoft Corporation - Pas de description.) -- C:\Users\stéphanie\Desktop\FileFormatConverters.exe [29017528] [MD5.CB216BEA0CA6EF97D9EF3C539F5B2F35] [SPRF][03/11/2007] (...) -- C:\Program Files\ffdsasetts.reg [1292] [MD5.CE598D0052B1EC5A6EC0853D674BC858] [SPRF][03/11/2007] (...) -- C:\Program Files\ffdssetts.reg [1658] [MD5.D18C5F55DEB684113BD30E55578367FB] [SPRF][03/11/2007] (...) -- C:\Program Files\mpc1.reg [596] [MD5.B9EB849EC191A7E0AE6B463902B1D9B5] [SPRF][03/11/2007] (...) -- C:\Program Files\mpc2.reg [680] [MD5.9981D5BBF4430D6C836A0BDC758187FE] [SPRF][03/11/2007] (...) -- C:\Program Files\mpc3.reg [3026] [MD5.4991FDA023C7D8188DDC882344D9B90E] [SPRF][03/11/2007] (...) -- C:\Program Files\mpc4.reg [348] [MD5.BC0D2101AF3DD1E7B111A2AF88BDC62C] [SPRF][03/11/2007] (...) -- C:\Program Files\mpc5.reg [16220] [MD5.F93A83DA2BE77E7637F1FAE3B346D0ED] [SPRF][03/11/2007] (...) -- C:\Program Files\mpc6.reg [18156] [MD5.E1BF5664C40AFBF6B0EEC20A56D6A7E9] [SPRF][03/11/2007] (...) -- C:\Program Files\mpc7.reg [3476] [MD5.77D3A60B2E838E1CC6A682BD9761DA63] [SPRF][15/08/2007] (.RealNetworks, Inc. - RngInterstitial.) -- C:\Program Files\RngInterstitial.dll [774144] [MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) 
-- C:\Windows\Downloaded Program Files\dwusplay.dll [24576] [MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608] [MD5.B8F39C9E0F0B71E454DBA431CF3B99C9] [SPRF][11/08/2005] (.Macrovision Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [417792] [MD5.8945CCA5FC4F25168E8B6F401EFAF51F] [SPRF][22/02/2007] (.Microsoft Corporation - Zone.com Stats Client for MSN Messenger.) -- C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll [304544] ~ Files: Scanned in 00mn 08s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "{801EC1BA-4EA4-4830-8FE6-B53B0271F818}" | In - Public - P17 - TRUE | .(.Pas de propriétaire - DVAX2Process MFC Application.) -- C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe O87 - FAEL: "{3CF0A38F-BDCA-4850-B9CC-79DA144B0CA6}" | In - Public - P6 - TRUE | .(.Pas de propriétaire - DVAX2Process MFC Application.) -- C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe O87 - FAEL: "{F1B5D3AE-FBEF-47B7-99BA-34893748B475}" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - DNA.) -- C:\Program Files\DNA\btdna.exe O87 - FAEL: "{43DCEBCC-B32B-404F-A7EC-7CF885BEB043}" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - DNA.) -- C:\Program Files\DNA\btdna.exe O87 - FAEL: "TCP Query User{B588C859-DF6F-4CA9-B6B3-452F267EAA06}C:\program files\bittorrent\bittorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - BitTorrent.) -- C:\program files\bittorrent\bittorrent.exe O87 - FAEL: "UDP Query User{EF921477-86C6-4542-AD69-E43A0D497241}C:\program files\bittorrent\bittorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - BitTorrent.) 
-- C:\program files\bittorrent\bittorrent.exe O87 - FAEL: "TCP Query User{A05457F4-E410-43E1-AF76-36EE73BBDB62}C:\program files\dvico\tvixnetshare\tvixnetshare.exe" | In - Public - P6 - TRUE | .(.DVICO - Pas de description.) -- C:\program files\dvico\tvixnetshare\tvixnetshare.exe O87 - FAEL: "UDP Query User{7391FAC9-58EF-4293-9092-58F11172B2A9}C:\program files\dvico\tvixnetshare\tvixnetshare.exe" | In - Public - P17 - TRUE | .(.DVICO - Pas de description.) -- C:\program files\dvico\tvixnetshare\tvixnetshare.exe O87 - FAEL: "TCP Query User{CE8163AF-6D4B-4825-A27B-6F072706842A}C:\program files\cityvillebot\iexplore.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\cityvillebot\iexplore.exe (.not file.) O87 - FAEL: "UDP Query User{F18AF909-A220-4271-A796-ECBF9B616C32}C:\program files\cityvillebot\iexplore.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\cityvillebot\iexplore.exe (.not file.) O87 - FAEL: "{42FE29E6-9BA7-4F5F-A5D0-5358603C84FF}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\GoforFiles\goforfilesdl.exe (.not file.) O87 - FAEL: "{3670A3F4-0CE4-4A3F-ABE1-21E949799DED}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\GoforFiles\goforfilesdl.exe (.not file.) O87 - FAEL: "{A4DB7BC7-CFFD-4D59-9C88-1793492AD23F}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\GoforFiles\GoforFiles.exe (.not file.) O87 - FAEL: "{D251F077-117D-43FA-B51A-C47F78CEE0CF}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\GoforFiles\GoforFiles.exe (.not file.) O87 - FAEL: "{3CE514F0-AA85-4602-9207-13CA07EFC27E}" |In - None - P17 - TRUE | .(...) -- C:\Program Files\Protected Search\ProtectedSearch.exe (.not file.) =>Spyware.ProtectedSearch O87 - FAEL: "{B7ABA13D-4722-4D25-AF8A-62170C57EF0E}" |Out - None - P17 - TRUE | .(...) -- C:\Program Files\Protected Search\ProtectedSearch.exe (.not file.) =>Spyware.ProtectedSearch O87 - FAEL: "{2A9DF138-FAFC-46BB-9232-2652E32DFE04}" |In - Public - P6 - TRUE | .(...) 
-- C:\Program Files\YourFileDownloader\Downloader.exe (.not file.) O87 - FAEL: "{35C54831-8C7C-4695-8738-D59FD3161F1C}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\YourFileDownloader\Downloader.exe (.not file.) O87 - FAEL: "{AF2B1BD7-8860-4974-8672-19AED749E79E}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\YourFileDownloader\YourFile.exe (.not file.) O87 - FAEL: "{C0BD3D7C-6957-4137-8F2F-C512E88EEE67}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\YourFileDownloader\YourFile.exe (.not file.) O87 - FAEL: "{BCCB1F69-307F-4422-BC58-1E5532AA243F}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files\BitTorrent\BitTorrent.exe O87 - FAEL: "{A987714D-1849-41D6-ACE3-2E1D4A686B7F}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files\BitTorrent\BitTorrent.exe ~ Firewall: 271 Legitimates Filtered in 00mn 01s ---\\ Scan Additionnel (O88) Database Version : v2.11593 - (19/04/2013) Clés trouvées (Keys found) : 42 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 10 Fichiers trouvés (Files found) : 4 [HKCU\Software\delta LTD] =>Toolbar.DeltaSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{177586E7-E42E-4F38-83D1-D15B4AF5B714}] =>Toolbar.DeltaSearch [HKCU\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin] =>Toolbar.Babylon [HKCU\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin] =>Toolbar.Babylon [HKCU\{C5C31551-23FC-4895-B1C7-E209163DECA5}] =>Toolbar.Agent [HKLM\Software\Classes\Interface\{db885111-f39f-4d88-9ee5-c88460b6df7b}] =>Adware.Agent [HKCU\Software\funkyemoticons] =>Adware.Navipromo [HKLM\Software\funkyemoticons] =>Adware.Navipromo [HKCU\Software\live-player] =>Adware.Navipromo [HKLM\Software\live-player] =>Adware.Navipromo [HKCU\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\Winsudate] =>Adware.Gibmedia 
[HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>Toolbar.Babylon
[HKCU\Software\MicroGaming\Thumper\Casino\prime] =>Adware.Casino
[HKLM\Software\Classes\Installer\Features\7E685771E24E83F4381D1DB5A45F7B41] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Installer\Products\7E685771E24E83F4381D1DB5A45F7B41] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7E685771E24E83F4381D1DB5A45F7B41] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{7131C082-F3C6-404D-B8CC-8AF9CFB6209D}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{5C731C2A-6ADF-487E-99A2-7291BF794A14}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\osmax.ocx] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\secman.DLL] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}] =>Toolbar.ToolBand
[HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}] =>Toolbar.ToolBand
[HKLM\Software\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller] =>Adware.MegaSearch
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5C8B5FB7CB5DD447A0BAAAF637FBD77] =>PUP.ClaroSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF96568971BEAC14B8815883832BD484] =>PUP.ClaroSearch
[HKLM\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\oovootoolbar] =>Toolbar.ooVoo
[HKLM\Software\Cheat Engine\OpenCandy] =>Adware.OpenCandy
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\TBSB02209.TBSB02209Toolbar] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{4e7bd74f-2b8d-469e-8da9-fd60bb9aae33} =>Adware.BHO
C:\Program Files\BearShare Applications =>PUP.BearShare
C:\Program Files\Winletmin =>Trojan.Agent
C:\Program Files\torntv.com =>Hijacker.TornTV
C:\Program Files\RegClean Pro =>Rogue.RegistryPowerCleaner
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FunkyEmoticons =>Adware.Navipromo
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Live-Player =>Adware.Navipromo
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro =>Rogue.RegistryPowerCleaner
C:\Users\stéphanie\AppData\Roaming\FunkyEmoticons =>Adware.Navipromo
C:\Users\stéphanie\AppData\Local\Bundled software uninstaller =>Adware.MegaSearch
C:\Users\stéphanie\AppData\LocalLow\VMNToolbar =>Spyware.VMNToolbar
C:\Users\stéphanie\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon
C:\Users\stéphanie\AppData\Local\Temp\UpdateCheckerSetup.exe =>Adware.MegaSearch
~ Additionnel: Scanned in 00mn 36s

---\\ Product Upgrade Codes (O90)
O90 - PUC: "7E685771E24E83F4381D1DB5A45F7B41" . (.Delta Chrome Toolbar.) -- C:\Windows\Installer\{177586E7-E42E-4F38-83D1-D15B4AF5B714}\Delta.ico
~ Update Products: 101 Legitimates Filtered in 00mn 00s

---\\ Etat général des services non Microsoft (EGS)
(SR=Running, SS=Stopped)
SS - | Auto 24576 | (AcerMemUsageCheckService) . (...) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
SS - | Demand 12/07/2007 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
SS - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/04/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 28/04/2011 136360 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SS - | Auto 31/08/2011 269480 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SS - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Auto 14/01/2009 729088 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe
SS - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 06/03/2007 198168 | (Capture Device Service) . (.InterVideo Inc..) - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
SS - | Auto 14/12/2006 49152 | (eRecoveryService) . (.Acer Inc..) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
SS - | Auto 27/06/2012 96768 | (Freemake Improver) . (.Freemake.) - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
SS - | Demand 18/06/2007 138680 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 20/02/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 19/10/2006 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SS - | Auto 03/07/2012 655944 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 12/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 18/09/2012 1082016 | (Orange update Core Service) . (.France Telecom SA.) - C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe
SS - | Auto 174656 | (ProtexisLicensing) . (...) - C:\Windows\system32\PSIService.exe
SS - | Auto 143360 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SS - | Auto 22/09/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Auto 19/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 00s

---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s

~ 3813 Legitimates filtered by white list
End of the scan (854 lines in 05mn 36s)(0)