~ Rapport de ZHPDiag v2014.1.10.8 - Nicolas Coolman (10/01/2014) ~ Lancé par laurent (27/01/2014 18:01:10) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Deactivate by program ---\\ Navigateurs Internet MSIE: Internet Explorer v11.0.9600.16476 GCIE: Google Chrome v31.0.1650.63 (Defaut) ---\\ Informations sur les produits Windows ~ Langage: Français Windows 7 Home Premium, 32-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows(R) 7, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : 2BT4J Windows License : OK ~ Windows Remaining Initializations Number : 3 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système Kaspersky Anti-Virus 2013 v13.0.1.4190 Malwarebytes Anti-Malware version 1.75.0.1300 Windows Defender W7 ---\\ Logiciels d'optimisation du système CCleaner v4.09 =>Piriform Ltd ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels Adobe Flash Player 11 ActiveX Java 7 Update 45 ---\\ Informations sur le système ~ Processor: x86 Family 6 Model 42 Stepping 7, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 2781 MB (55% free) System Restore: Activé (Enable) System drive C: has 439 GB (94%) free of 466 GB ---\\ Mode de connexion au système ~ Computer Name: LAURENT-PC ~ User Name: laurent ~ All Users Names: UpdatusUser, laurent, Administrateur, ~ Unselected Option: O45,O61 Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\laurent\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\laurent\AppData\Roaming\ ~ %Desktop% : C:\Users\laurent\Desktop\ ~ %Favorites% : C:\Users\laurent\Favorites\ ~ %LocalAppData% : C:\Users\laurent\AppData\Local\ ~ %StartMenu% : C:\Users\laurent\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 439 Go of 466 Go) D: CD-ROM drive (Not Inserted) ---\\ Etat du Centre de Sécurité Windows ~ Security Center: 38 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256] [MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 07:33:33.) -- C:\Windows\System32\wininet.dll [1820160] [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 22:29:06.) -- C:\Windows\System32\Winlogon.exe [286720] [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 22:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536] [MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656] [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544] [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336] [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888] [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904] [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 22:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904] [MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168] [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752] [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes Favoris (My Favorites) : 1/26 ~ Mes Documents (My Documents) : 1/3 ~ Mon Bureau (My Desktop) : 1/18 ~ Menu demarrer (Programs) : 1/25 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2368] [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.4004] [MD5.15D2DB9BFA8E833ED31FAB2BB088FDDA] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128] [PID.1872] [MD5.4C2ECFF76CE32EC594545152D1DCEB35] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [145880] [PID.1420] [MD5.1B422F7D2238612919EE9771D26B0208] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [181208] [PID.972] [MD5.22884291BD017D70E047D50DAD3C4602] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [189912] [PID.3380] [MD5.FCE54BAD203738C1FEE9FC33AFD6A305] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.3756] [MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20584608] [PID.5264] [MD5.B0C4C121BA864A9024863657E221AD45] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe [4329248] [PID.6764] =>Toolbar.Conduit [MD5.7D0205030D523173B47470E71239FB83] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\UI\bin\cltmngui.exe [2911520] [PID.6816] =>Toolbar.Conduit [MD5.8655BF1CA65C808A62CB76BEC6713421] - (.Nosibay - Bubble Dock.) -- C:\Users\laurent\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe [665104] [PID.7880] =>PUP.BubbleDock [MD5.33BE35574E1081A91EACD2B98E0A472A] - (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640] [PID.4724] =>Toolbar.Ask [MD5.ABC13EE82ECC14C63709465BA9BCA0AD] - (.APN LLC. - Virtual New Tab Loader.) -- C:\Users\laurent\AppData\Local\VNT\vntldr.exe [202192] [PID.5948] =>Toolbar.Ask [MD5.CBE0D982904A629AF2D2E8B6EA9B1ED2] - (.ooVoo LLC - ooVoo.) -- C:\Program Files\ooVoo\oovoo.exe [36125760] [PID.7736] [MD5.3EAD6B3D7725A17ACB34E5219C613729] - (.Nosibay - Bubble Dock.) -- C:\Users\laurent\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exe [5154320] [PID.7880] =>PUP.BubbleDock [MD5.B71EC56691F8F4524AD4AA326960E41F] - (.AVM Software Inc. - Paltalk Messenger.) -- C:\Program Files\Paltalk Messenger\paltalk.exe [9925728] [PID.5012] [MD5.29A4611EE6F24AF1EB4014088A1911C6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8323072] [PID.6556] [MD5.FAEFC55E4F7CED7DE6CB9EE5BC8827F9] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 327.0.) -- C:\Windows\system32\nvvsvc.exe [662816] [PID.960] [MD5.76D00DF731D23A541E89F7A27F672941] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [916768] [PID.1568] [MD5.F9D905B18752AEB78FDA90E42C5F5095] - (.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [2077008] [PID.1904] [MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1936] [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1956] [MD5.4BAE67FFDC0E1AE2B4FB5FC21F07B65C] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1364256] [PID.3104] [MD5.80251D8890EF97F04B4A75CC6629EBEC] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2301216] [PID.6656] =>Toolbar.Conduit [MD5.B342CD9AA44E4AE99E2368EBDBC2E17A] - (.APN LLC. - APN Updater.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352] [PID.1740] =>Toolbar.Ask [MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Service de la plateforme de protection logi.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.5716] ~ Processes Running: Scanned in 00mn 03s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\laurent\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [User Data\Default] http://search.conduit.com G0 - GCSP: Preference [User Data\Default][HomePage] http://search.conduit.com G0 - GCSP: Preference [User Data\Default] http://search.conduit.com G2 - GCE: Preference [User Data\Default] [booedmolknjekdopkepjjeckmjkdpfgl] Extutil v.0.1 (Activé) G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé) G2 - GCE: Preference [User Data\Default] [opjebaomffhbebmkanbennmagkdjkclo] Oovoo Toolbar v.30.3, (Désactivé) =>Toolbar.Oovoo ~ Google Browser: 21 Legitimates Filtered in 00mn 17s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\Desktop [Public]: Kaspersky Anti-Virus 2013.lnk . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus Launcher.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\starter_avp.exe O4 - GS\QuickLaunch [laurent]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [laurent]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch [laurent]: Paltalk Messenger.lnk . (.AVM Software Inc. - Paltalk Messenger.) -- C:\Program Files\Paltalk Messenger\paltalk.exe O4 - GS\QuickLaunch [laurent]: Upgrade to Paltalk Extreme.lnk - Clé orpheline O4 - GS\TaskBar [laurent]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\TaskBar [laurent]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [laurent]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [laurent]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop [laurent]: Paltalk Messenger.lnk . (.AVM Software Inc. - Paltalk Messenger.) -- C:\Program Files\Paltalk Messenger\paltalk.exe ~ Global Startup: 61 Legitimates Filtered in 00mn 02s ---\\ Applications lancées au démarrage du sytème (O4) O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.) O4 - HKLM\..\Run: [ApnTBMon] . (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask O4 - HKLM\..\Run: [VNT] . (.APN LLC. - Virtual New Tab Loader.) -- C:\Program Files\VNT\vntldr.exe =>Toolbar.Ask O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation O4 - HKCU\..\Run: [Bubble Dock] . (.Nosibay - Bubble Dock.) -- C:\Users\laurent\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe =>PUP.BubbleDock O4 - HKCU\..\Run: [ooVoo.exe] . (.ooVoo LLC - ooVoo.) -- C:\Program Files\ooVoo\oovoo.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-143037667-2145307702-4118085144-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-143037667-2145307702-4118085144-1000\..\Run: [Bubble Dock] . (.Nosibay - Bubble Dock.) -- C:\Users\laurent\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe =>PUP.BubbleDock O4 - HKUS\S-1-5-21-143037667-2145307702-4118085144-1000\..\Run: [ooVoo.exe] . (.ooVoo LLC - ooVoo.) -- C:\Program Files\ooVoo\oovoo.exe ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Clavier virtuel - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\kbrd.ico O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} . (.AVM Software Inc. - Paltalk Messenger.) -- C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: Analyse des liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\logo.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{73BD35F3-9F20-41E1-90DF-4524430567DC}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\..\{A1D4B9F2-F352-4CA0-84B2-B1852300BC9C}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{73BD35F3-9F20-41E1-90DF-4524430567DC}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{A1D4B9F2-F352-4CA0-84B2-B1852300BC9C}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{73BD35F3-9F20-41E1-90DF-4524430567DC}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{A1D4B9F2-F352-4CA0-84B2-B1852300BC9C}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (.Conduit - Search Protect by Conduit.) - C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll =>Toolbar.Conduit ~ AppInit DLL: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Service de mise à jour Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask O23 - Service: Search Protect by Conduit Service (CltMngSvc) . (.Conduit - Search Protect by Conduit.) - C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe =>Toolbar.Conduit O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe ~ Services: 10 Legitimates Filtered in 00mn 10s ---\\ Logiciels installés (O42) O42 - Logiciel: FileParade Bundle - (.FileParade Bundle.) [HKLM] -- FileParade Bundle O42 - Logiciel: Search Protect - (.Conduit.) [HKLM] -- SearchProtect =>Toolbar.Conduit ~ Logic: 12 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\APN PIP] [HKCU\Software\AskPartnerNetwork] [HKCU\Software\Conduit] =>Toolbar.Conduit [HKCU\Software\Ecommfactory] [HKCU\Software\IM] [HKCU\Software\VNT] [HKLM\Software\AskPartnerNetwork] [HKLM\Software\ValueApps] =>Toolbar.Conduit ~ Key Software: 126 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 27/01/2014 - 17:42:00 - [8,791] ----D C:\Program Files\AskPartnerNetwork O43 - CFD: 08/12/2013 - 16:58:22 - [0] ----D C:\Program Files\GUMD2C9.tmp O43 - CFD: 27/01/2014 - 17:42:01 - [0,333] ----D C:\Program Files\VNT O43 - CFD: 27/01/2014 - 17:41:45 - [0] ----D C:\ProgramData\APN O43 - CFD: 27/01/2014 - 17:42:00 - [0,663] ----D C:\ProgramData\AskPartnerNetwork O43 - CFD: 08/12/2013 - 21:36:42 - [0,049] ----D C:\Users\laurent\AppData\Roaming\AnMacPc-3902 O43 - CFD: 08/12/2013 - 20:57:07 - [0,054] ----D C:\Users\laurent\AppData\Roaming\AnMacPc-3905 O43 - CFD: 10/01/2014 - 21:05:39 - [0] ----D C:\Users\laurent\AppData\Local\ValueApps =>Toolbar.Conduit O43 - CFD: 27/01/2014 - 17:42:04 - [0,344] ----D C:\Users\laurent\AppData\Local\VNT ~ Program Folder: 110 Legitimates Filtered in 00mn 06s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712] O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624] O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097] O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768] O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809] O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537] O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866] O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146] O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370] O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274] O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146] O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952] O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672] O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776] O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536] O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672] ~ Drivers: 16 Legitimates Filtered in 00mn 07s ---\\ Fichiers Alternate Data Stream (ADS) (O62) O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Drivers\athr.sys:Zone.Identifier ~ ADS: Scanned in 00mn 01s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Conduit Search) - http://search.conduit.com O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][20/01/2014] (.Conduit - SP Usage Sender.) -- C:\Users\laurent\AppData\Local\Temp\nsf9FBD.exe [167812] =>Toolbar.Conduit [MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][20/01/2014] (.Conduit - SP Usage Sender.) -- C:\Users\laurent\AppData\Local\Temp\nskA559.exe [167812] =>Toolbar.Conduit [MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][20/01/2014] (.Conduit - SP Usage Sender.) -- C:\Users\laurent\AppData\Local\Temp\nskEC7.exe [167812] =>Toolbar.Conduit [MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][20/01/2014] (.Conduit - SP Usage Sender.) -- C:\Users\laurent\AppData\Local\Temp\nsp87F.exe [167812] =>Toolbar.Conduit [MD5.2AC7B1C68346796BB2B494DDF7335401] [SPRF][27/01/2014] (.Ask.com - Offercast - APN Install Manager.) -- C:\Users\laurent\AppData\Local\Temp\offercast.exe [1083824] ~ Files: 5 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.3A01EB207B2E2BC1564F6AB32026D832] [WIS][09/01/2014] (.APN, LLC - Oovoo Toolbar.) -- C:\Windows\Installer\4b6302.msi [359936] =>Toolbar.Oovoo ~ WIS: 11 Legitimates Filtered in 00mn 01s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 21/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 07/11/2013 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\System32\IntelCpHeciSvc.exe SS - | Auto 08/12/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 08/12/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 08/12/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SR - | Auto 09/01/2014 166352 | (APNMCP) . (.APN LLC..) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask SR - | Auto 08/12/2013 356128 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe SR - | Auto 20/01/2014 2301216 | (CltMngSvc) . (.Conduit.) - C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe =>Toolbar.Conduit SR - | Auto 25/10/2013 2077008 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe SR - | Auto 30/08/2013 662816 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SR - | Auto 05/09/2013 1364256 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 03s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by laurent at 27/01/2014 18:02:38 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 1 ntkrnlpa!IofCallDriver[0x82C47BBA] >> \Device\Harddisk0\DR0[0x8694DA78] kernel: MBR read successfully user & kernel MBR OK ~ MBR: 12 Legitimates Filtered in 00mn 02s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by laurent at 27/01/2014 18:02:40 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ---\\ Scan Additionnel (O88) Database Version : 13019 - (10/01/2014) Clés trouvées (Keys found) : 11 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 6 Fichiers trouvés (Files found) : 19 [HKLM\Software\Google\Chrome\Extensions\opjebaomffhbebmkanbennmagkdjkclo] =>Toolbar.Oovoo ^ [HKLM\SYSTEM\CurrentControlSet\Services\APNMCP] =>Toolbar.Ask^ [HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc] =>Toolbar.Conduit^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>Toolbar.Conduit^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer [HKLM\Software\Classes\CLSID\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer [HKCU\Software\APN PIP] =>Toolbar.Ask [HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask [HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ApnTBMon =>Toolbar.Ask^ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Bubble Dock =>PUP.BubbleDock^ C:\Users\laurent\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjebaomffhbebmkanbennmagkdjkclo =>Toolbar.Oovoo ^ C:\Users\laurent\AppData\Local\ValueApps =>Toolbar.Conduit^ C:\Program Files\SearchProtect =>Toolbar.Conduit C:\Program Files\AskPartnerNetwork =>Toolbar.Ask C:\ProgramData\AskPartnerNetwork =>Toolbar.Ask C:\Users\laurent\AppData\Local\SearchProtect =>Toolbar.Conduit C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe =>Toolbar.Conduit^ C:\Program Files\SearchProtect\UI\bin\cltmngui.exe =>Toolbar.Conduit^ C:\Users\laurent\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe =>PUP.BubbleDock^ C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask^ C:\Users\laurent\AppData\Local\VNT\vntldr.exe =>Toolbar.Ask^ C:\Users\laurent\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exe =>PUP.BubbleDock^ C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe =>Toolbar.Conduit^ C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask^ [HKCU\Software\Conduit] =>Toolbar.Conduit^ [HKLM\Software\ValueApps] =>Toolbar.Conduit^ C:\Users\laurent\AppData\Local\Temp\nsf9FBD.exe =>Toolbar.Conduit^ C:\Users\laurent\AppData\Local\Temp\nskA559.exe =>Toolbar.Conduit^ C:\Users\laurent\AppData\Local\Temp\nskEC7.exe =>Toolbar.Conduit^ C:\Users\laurent\AppData\Local\Temp\nsp87F.exe =>Toolbar.Conduit^ C:\Windows\Installer\4b6302.msi =>Toolbar.Oovoo ^ ~ Additionnel Scan: 143460 Items scanned in 00mn 13s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/31746142-toolbar-bubbledock =>Toolbar.BubbleDock ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask ~ http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer ~ MSI: 4 link(s) detected in 00mn 13s ~ 770 Legitimates filtered by white list End of the scan (488 lines in 01mn 45s)(0)