~ Rapport de ZHPDiag v2013.11.4.4 - Nicolas Coolman (04/11/2013)
~ Lancé par BUN (04/11/2013 19:53:32)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC):

---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.7601.17514
MFIE: Mozilla Firefox 24.0 (Defaut)
GCIE: Google Chrome v30.0.1599.101
OBIE: Wacom WebTabletPlugin for Internet Explorer and Netscape v2.0.0.1
OBIE: Wacom WebTabletPlugin for Netscape v1.1.0.10

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_SLP channel
Windows ID Activation : OK
~ Windows Partial Key : JBF79
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v13.0.0.4042
Spybot - Search & Destroy v1.6.2
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.06 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 45

---\\ Informations sur le système
~ Processor: x86 Family 16 Model 6 Stepping 3, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1791 MB (46% free)
System Restore: Activé (Enable)
System drive C: has 222 GB (77%) free of 288 GB

---\\ Mode de connexion au système
~ Computer Name: BUN-PC
~ User Name: BUN
~ All Users Names: HomeGroupUser$, BUN, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\BUN\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\BUN\AppData\Roaming\
~ %Desktop% : C:\Users\BUN\Desktop\
~ %Favorites% : C:\Users\BUN\Favorites\
~ %LocalAppData% : C:\Users\BUN\AppData\Local\
~ %StartMenu% : C:\Users\BUN\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 222 Go of 288 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Free 4 Go of 4 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
H: Floppy drive, Flash card reader, USB Key (Free 4 Go of 4 Go)

---\\ Etat du Centre de Sécurité Windows
~ Security Center: 38 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.DBF24E87CB605A4F6E7424DD86F7A62C] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.20/08/2011 - 05:31:05.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1054
~ Mes musiques (My Musics) : 39/418
~ Mes Videos (My Videos) : 5/57
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 5/2896
~ Mon Bureau (My Desktop) : 1/10
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 03s

---\\ Processus lancés
[MD5.DB3F7F19F942D3CE4E1A0E8D9FF541FB] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192] [PID.2232]
[MD5.F74737E0EF87295E82EBD0A4B040539A] - (.Microsoft Corporation - Composant de saisie tactile ou avec stylet.) -- C:\Windows\SYSTEM32\WISPTIS.exe [334336] [PID.4856]
[MD5.21E01FD4147EA1B952E4CD9928B879B8] - (.Microsoft Corporation - Tablet PC Input Panel Accessory.) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [181760] [PID.1512]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.6040]
[MD5.54BEE40FB86547D92EECEEEB897F1506] - (.Antonio Da Cruz - PhotoFiltre Studio.) -- C:\Program Files\PhotoFiltre Studio X\pfstudiox.exe [3360768] [PID.724]
[MD5.A9182CE59CFC56F9C1DDE8B3C0AE8378] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [274840] [PID.2560]
[MD5.384056A5205DDA59758542CA63C21C16] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8171008] [PID.3144]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\BUN\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default] http://www.delta-search.com =>Toolbar.DeltaSearch
~ Google Browser: 3 Legitimates Filtered in 00mn 01s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\94nrmjz5.default\prefs.js
C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\94nrmjz5.default\user.js
M3 - MFPP: Plugins - [BUN] -- C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\94nrmjz5.default\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [BUN] -- C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\94nrmjz5.default\searchplugins\delta.xml =>Toolbar.DeltaSearch
P2 - FPN: [HKLM] [@SonyCreativeSoftware.com/Media Go,version=1.0] - (...) -- C:\Program Files\Sony\Media Go\npmediago.dll (.not file.)
~ Firefox Browser: 24 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yd.delta-search.com =>Toolbar.DeltaSearch
~ IE Browser: 7 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 05s
~ Nombre de lignes (Lines number): 15179

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Bamboo Dock.lnk . (...) -- C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: RomStation.lnk . (...) -- C:\Program Files\RomStation\RomStation.exe
O4 - GS\Desktop [Public]: Wireless Connection Manager.lnk . (.D-Link Corp. - D-Link WLAN Application.) -- C:\Program Files\D-Link\DWA-131 revA\wirelesscm.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [BUN]: Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [BUN]: PhotoshopCS6 Portable.lnk . (.PainteR - Adobe Photoshop CS6 Pre-Release Portable.) -- C:\Program Files (x86)\photoshop cs6\AdobePhotoshopCS6Portable\PhotoshopCS6Portable.exe =>.Adobe Systems Incorporated
O4 - GS\Desktop [BUN]: SosVirus Forum Gratuit.lnk . (...) -- C:\Program Files\Internet Explorer\iexplore.exe (.not file.)
O4 - GS\Desktop [BUN]: SosVirus sur Facebook.lnk . (...) -- C:\Program Files\Internet Explorer\iexplore.exe (.not file.)
O4 - GS\Desktop [BUN]: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
~ Global Startup: 64 Legitimates Filtered in 00mn 03s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: Wireless Connection Manager.lnk . (.D-Link Corp. - D-Link WLAN Application.) -- C:\Program Files\D-Link\DWA-131 revA\wirelesscm.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [BambooCore] . (.Pas de propriétaire - BambooDock back-end application.) -- C:\Program Files\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\BUN\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sony PC Companion] . (.Sony - Sony PC Companion.) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\BUN\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2637158324-2203775089-3494527545-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2637158324-2203775089-3494527545-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\BUN\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-2637158324-2203775089-3494527545-1000\..\Run: [SpybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-2637158324-2203775089-3494527545-1000\..\Run: [Sony PC Companion] . (.Sony - Sony PC Companion.) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
O4 - HKUS\S-1-5-21-2637158324-2203775089-3494527545-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\BUN\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9D86C52-37D1-4195-B36C-494ED0C3FC1F}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{E9D86C52-37D1-4195-B36C-494ED0C3FC1F}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{E9D86C52-37D1-4195-B36C-494ED0C3FC1F}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AmiUpdXp.job [348] =>PUP.Software.Updater
[MD5.1C446DC37F6BA32799F5881D06488C3F] [APT] [AmiUpdXp] (.Amonetize ltd..) -- C:\Users\BUN\AppData\Local\SwvUpdater\Updater.exe [307240] =>PUP.Software.Updater
[MD5.00000000000000000000000000000000] [APT] [{E413F927-DE1A-4190-937F-EEC5E589BFEF}] (...) -- C:\Users\BUN\Desktop\office2007sp2-kb953195-fullfile-fr-fr.exe (.not file.) [0]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 09s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\5c57dbdde06de810]
[HKCU\Software\BI]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Iminent] =>Adware.IMBooster
~ Key Software: 160 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 20/08/2012 - 18:42:43 - [0,609] ----D C:\Program Files\Conduit
O43 - CFD: 13/11/2012 - 11:36:27 - [0,313] ----D C:\Program Files\Red Sky =>Adware.DownTango
O43 - CFD: 06/02/2013 - 13:14:29 - [0,001] ----D C:\ProgramData\Photo-Bon3Free
O43 - CFD: 02/04/2012 - 16:55:11 - [875,048] ----D C:\Users\BUN\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
O43 - CFD: 20/08/2012 - 18:45:02 - [0] ----D C:\Users\BUN\AppData\Local\Conduit
O43 - CFD: 28/12/2012 - 00:27:12 - [0,294] ----D C:\Users\BUN\AppData\Local\SwvUpdater =>PUP.Software.Updater
~ 65 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 253 Legitimates Filtered in 00mn 17s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.8BF7B1FEADC4D9AB49BB1360E91463F6] - 04/11/2013 - 18:43:08 ----- . (...) -- C:\UsbFix [Scan 1] BUN-PC.txt [8357]
O44 - LFC:[MD5.A5FD96AD1042DAEB9144B87C66C13C91] - 04/11/2013 - 19:09:31 ---A- . (...) -- C:\UsbFix [Clean 2] BUN-PC.txt [9968]
O44 - LFC:[MD5.6CBECC812985D1DA276E5E6AB5A54BE0] - 28/10/2013 - 11:29:12 ---A- . (...) -- C:\Windows\System32\jupdate-1.7.0_45-b18.log [4857]
~ Files: 16 Legitimates Filtered in 01mn 22s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.DF826877ABB9604B2093F014C96B7F30] - 03/11/2013 - 23:23:49 ---A- - C:\Windows\Prefetch\SONY PC COMPANION_2.10.180_NE-51729B79.pf
O45 - LFCP:[MD5.A385EF8BF048361FE4F25D5EAF69C2DC] - 03/11/2013 - 23:23:54 ---A- - C:\Windows\Prefetch\PCCSERVICE.EXE-9A61A85A.pf
O45 - LFCP:[MD5.5D9FE66EBB542899DF41EB1F88EBDEF7] - 03/11/2013 - 23:24:52 ---A- - C:\Windows\Prefetch\PCCOMPANION.EXE-4D74AE82.pf
O45 - LFCP:[MD5.D91CFC42EBF804B422DEB3E4C79A6C26] - 04/11/2013 - 19:06:36 ---A- - C:\Windows\Prefetch\GO.EXE-0A7DE786.pf
O45 - LFCP:[MD5.8DA4544DF4AC5AD3A467A85FEE87134D] - 04/11/2013 - 19:20:24 ---A- - C:\Windows\Prefetch\CCUAC.EXE-E2BC9557.pf
~ Prefetcher: 140 Legitimates Filtered in 00mn 00s

---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{f666b96b-a83b-11e2-af96-aad62ad0f81b}\AutoRun\command. (...) -- E:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 15 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 15 Legitimates Filtered in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 03/11/2013 - 19:56:22 ---A- . (...) -- C:\Users\BUN\AppData\Local\SwvUpdater\Updater.xml [1208] =>PUP.Software.Updater
O61 - LFC: 04/11/2013 - 19:56:26 ---A- . (...) -- C:\Users\BUN\AppData\Roaming\ZHP\Log.txt [17461] =>.Nicolas Coolman
O61 - LFC: 04/11/2013 - 19:56:26 ---A- . (...) -- C:\Users\BUN\AppData\Roaming\ZHP\TestsZHPDiag.txt [2762] =>.Nicolas Coolman
O61 - LFC: 04/11/2013 - 19:56:33 ---A- . (...) -- C:\Users\BUN\Downloads\Cours\Histoire\EXPOSE AVENEMENT SUPPORT PAPIER.docx [16430]
O61 - LFC: 04/11/2013 - 19:56:35 ---A- . (...) -- C:\Users\BUN\Downloads\EXPOSE AVENEMENT SUPPORT PAPIER BIS.docx [19430]
O61 - LFC: 04/11/2013 - 19:56:35 ---A- . (...) -- C:\Users\BUN\Downloads\__Exposé_ [12133]
O61 - LFC: 04/11/2013 - 19:56:35 ---A- . (.Léa.) -- C:\Users\BUN\Downloads\DantonvsRobespierreFINAL.doc [280576]
~ 5 Fichiers temporaires (Temporary files)
~ Files: 27 Legitimates Filtered in 00mn 35s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - www.usbfix.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.1000082.isPlayDisplay", "true");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.1000082.state", "{\"state\":\"stopped\",\"text\":\"Virgin Ra...\",\"description\":\"Virgin Radio Classic Rock[...]
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.1000234.TWC_TMP_city", "PARIS");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.1000234.TWC_TMP_country", "FR");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.129815072111847605.isEnabled", "Y");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.FirstTime", "true");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.FirstTimeFF3", "true");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=2&q=");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.UserID", "UN51383710392128739");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.addressBarTakeOverEnabledInHidden", "true");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.autoDisableScopes", -1);
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.browser.search.defaultthis.engineName", true);
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.defaultSearch", "true");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.embeddedsData", "[{\"appId\":\"129306881621438061\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFra[...]
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.enableAlerts", "always");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.enableSearchFromAddressBar", "true");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.firstTimeDialogOpened", "true");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.fixPageNotFoundError", "true");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.fixPageNotFoundErrorInHidden", "true");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.fixUrls", true);
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.installId", "ConduitInstaller.exe"); =>Adware.Bloson
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.installType", "ConduitNSISIntegration");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.isNewTabEnabled", true);
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.isPerformedSmartBarTransition", "true"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.keyword", true);
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"E[...]
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.openThankYouPage", "false");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.openUninstallPage", "true");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.search.searchAppId", "129306881621438061");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.search.searchCount", "0");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.searchInNewTabEnabledInHidden", "true");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2801948\"}");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://NCHEN.Ou[...]
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"NCH EN\"}");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1345484557725");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.serviceLayer_services_appTracking_lastUpdate", "1345484561487");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.serviceLayer_services_appsMetadata_lastUpdate", "1345484557720");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1345484558456");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.serviceLayer_services_login_10.10.20.14_lastUpdate", "1345484561898");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1345484558556");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.serviceLayer_services_searchAPI_lastUpdate", "1345484555002");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.serviceLayer_services_serviceMap_lastUpdate", "1345484554495");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.serviceLayer_services_toolbarContextMenu_lastUpdate", "1345484558381");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.serviceLayer_services_toolbarSettings_lastUpdate", "1345484556440");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.serviceLayer_services_translation_lastUpdate", "1345484557747");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.settingsINI", true);
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.shouldFirstTimeDialog", "false");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.smartbar.CTID", "CT2801948"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.smartbar.Uninstall", "0"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.smartbar.homepage", true); =>Hijacker.SmartBar
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.smartbar.toolbarName", "NCH EN "); =>Hijacker.SmartBar
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.toolbarBornServerTime", "20-8-2012");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.toolbarCurrentServerTime", "20-8-2012");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.toolbarDisabled", "true");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("CT2801948.twitter_v1.8.0_twitter_app_open_t_f", "false");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("Smartbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT2801948&SearchSource=13"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("Smartbar.ConduitSearchEngineList", "NCH EN Customized Web Search"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("Smartbar.ConduitSearchUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=2&q="); =>Hijacker.SmartBar
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("avg.install.userHPSettings", "http://www.yd.delta-search.com/?affID=119816&tt=030213_yd&babsrc=HP_ss&mntrId=7a54da4a000[...] =>Toolbar.DeltaSearch
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("avg.install.userSPSettings", "Delta Search");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.BabylonToolbar_i.newTab", true); =>Toolbar.Babylon
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta.ffxUnstlRst", true);
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta.id", "7a54da4a0000000000005cd998a336f5");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta.instlDay", "15850");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta.vrsn", "1.8.21.5");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta.vrsnTs", "1.8.21.511:36:00");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta.vrsni", "1.8.21.5");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta_i.babExt", "");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta_i.babTrack", "affID=119403&tt=gc_");
O69 - SBI: prefs.js [BUN - 94nrmjz5.default] user_pref("extensions.delta_i.srcExt", "ss");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} [DefaultScope] - (NCH EN Customized Web Search) - http://search.conduit.com
~ Keys: Scanned in 00mn 00s

---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\5c57dbdde06de810\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5c57dbdde06de810\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52"
[HKCU\Software\5c57dbdde06de810] =>Toolbar.Babylon^
~ Export Key Software: Scanned in 00mn 00s

---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 11/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 18/08/2009 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 10/09/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 10/09/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SS - | Auto 28/06/2013 9216 | (FreemakeVideoCapture) . (.Ellora Assets Corp..) - C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
SS - | Demand 30/09/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 04/02/2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
SS - | Auto 05/07/2011 5553016 | (TabletServicePen) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
SS - | Auto 05/07/2011 451960 | (TouchServicePen) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Auto 26/06/2008 167936 | (WlanWpsSvc) . (...) - C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.)
- C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 10s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net ~ MBR: 1 Legitimates Filtered in 00mn 02s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by BUN at 04/11/2013 19:57:28 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ---\\ Scan Additionnel (O88) Database Version : 12971 - (04/11/2013) Clés trouvées (Keys found) : 84 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 8 Fichiers trouvés (Files found) : 6 [HKLM\Software\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}] =>Adware.Agent [HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] 
=>PUP.RewardsArcade [HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Adware.iWinArcade [HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade [HKLM\Software\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}] =>PUP.Software.Updater [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}] =>PUP.Software.Updater [HKLM\Software\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}] =>PUP.Software.Updater [HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] 
=>PUP.RewardsArcade [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade [HKLM\Software\Classes\Updater.AmiUpd] 
=>PUP.Software.Updater [HKLM\Software\Classes\Updater.AmiUpd.1] =>PUP.Software.Updater [HKCU\Software\cacaoweb] =>PUP.CacaoWeb [HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\DataMngr] =>Adware.Bandoo [HKCU\Software\Iminent] =>Adware.IMBooster [HKLM\Software\Iminent] =>Adware.IMBooster [HKCU\Software\Softonic] =>Toolbar.Conduit [HKLM\Software\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo [HKLM\Software\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo [HKLM\Software\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon [HKLM\Software\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}] =>PUP.Software.Updater [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster [HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller] =>Adware.MegaSearch [HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKLM\Software\Microsoft\Tracing\ConduitInstaller_RASAPI32] =>Toolbar.Conduit [HKLM\Software\Microsoft\Tracing\ConduitInstaller_RASMANCS] =>Toolbar.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9E8EB35-FF77-455D-B677-91E5E4FC06C2}] =>Toolbar.Freemake [HKLM\Software\Classes\CLSID\{E9E8EB35-FF77-455D-B677-91E5E4FC06C2}] =>Toolbar.Freemake [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9E8EB35-FF77-455D-B677-91E5E4FC06C2}] =>Toolbar.Freemake [HKCU\Software\BI] =>Adware.MegaSearch [HKLM\Software\Microsoft\Tracing\apnstub_RASAPI32] 
=>Toolbar.Ask [HKLM\Software\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask [HKLM\Software\Classes\Toolbar.CT2801948] =>Toolbar.Conduit C:\Program Files\Red Sky =>Adware.DownTango^ C:\Users\BUN\AppData\Roaming\cacaoweb =>PUP.CacaoWeb^ C:\Users\BUN\AppData\Local\SwvUpdater =>PUP.Software.Updater^ C:\Program Files\Conduit =>Toolbar.Conduit C:\Users\BUN\AppData\Local\Conduit =>Toolbar.Conduit C:\Users\BUN\AppData\Local\Bundled software uninstaller =>Adware.MegaSearch C:\Users\BUN\AppData\LocalLow\Conduit =>Toolbar.Conduit C:\Users\BUN\AppData\Roaming\Mozilla\Firefox\Profiles\94nrmjz5.default\Smartbar =>Hijacker.SmartBar C:\Windows\Tasks\AmiUpdXp.job =>PUP.Software.Updater^ C:\Users\BUN\AppData\Local\SwvUpdater\Updater.exe =>PUP.Software.Updater^ [HKCU\Software\BabSolution] =>Hijacker.BabSolution^ [HKCU\Software\Conduit] =>Toolbar.Conduit^ [HKLM\Software\Conduit] =>Toolbar.Conduit^ [HKCU\Software\5c57dbdde06de810] =>Toolbar.Babylon^^ ~ Additionnel Scan: 228030 Items scanned in 00mn 24s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon ~ http://nicolascoolman.webs.com/apps/blog/show/32713686-pup-software-updater =>PUP.Software.Updater ~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster ~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb ~ http://nicolascoolman.webs.com/apps/blog/show/27659036-adware-downtango =>Adware.DownTango ~ http://nicolascoolman.webs.com/apps/blog/show/32755958-adware-bloson =>Adware.Bloson ~ 
http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar ~ http://nicolascoolman.webs.com/apps/blog/show/28000037-pup-rewardsarcade =>PUP.RewardsArcade ~ http://nicolascoolman.webs.com/apps/blog/show/28766471-adware-iwinarcade =>Adware.iWinArcade ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo ~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma ~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask ~ MSI: 17 link(s) detected in 00mn 24s ~ 1233 Legitimates filtered by white list End of the scan (631 lines in 04mn 20s)(0)