FORUM D’ENTRAIDE INFORMATIQUE (FEI)
Computer support and security site

Disinfection help (advertising pages, replaced search engine, redirects, viruses...).
Forum rules: Mutual help with disinfection and computer security: for intrusive advertisements, pop-ups, redirects, unwanted software, suspicious slowdowns, viruses, etc.
A complete disinfection will be provided: disinfection, securing, then prevention.
Only helpers (people qualified and trained in disinfection) and staff are authorized to provide help in this section.
Please also read the forum's general charter.
by romain
#96798
Hello,
I tried to follow your instructions to remove awesome hp:
I am attaching the ADW reports

and the ZHP Diag report:
~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman  (25/01/2014)
~ Lancé par bureau (28/01/2014 12:11:10)
~ Adresse du Site Web  http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Anti-virus firewall
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Internet Security Suite v12.8.903
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.10 =Piriform Ltd

---\\ Logiciels de partage PeerToPeer
µTorrent v3.1.3 =P2P.µTorrent

---\\ Surveillance de Logiciels

---\\ Informations sur le système
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3684 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 1338 GB (96%) free of 1385 GB

---\\ Mode de connexion au système
~ Computer Name: BUREAU-HP
~ User Name: bureau
~ All Users Names: bureau, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\bureau\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\bureau\AppData\Roaming\
~ %Desktop% : C:\Users\bureau\Desktop\
~ %Favorites% : C:\Users\bureau\Favorites\
~ %LocalAppData% : C:\Users\bureau\AppData\Local\
~ %StartMenu% : C:\Users\bureau\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 1338 Go of 1385 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 12 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.06/01/2012 - 05:10:57.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.06/01/2012 - 05:05:40.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes:  Scanned in 00mn 03s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/3
~ Mes musiques (My Musics) : 1/6
~ Mes Favoris (My Favorites) : 1/10
~ Mes Documents (My Documents) : 2/187
~ Mon Bureau (My Desktop) : 1/9
~ Menu demarrer (Programs) : 1/50
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe   [532040] [PID.8748]
[MD5.61E3B5BEE1C10954F53DC07282F2A61C] - (.Logitech Inc. - Logitech Vid HD.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe   [6129496] [PID.3296]
[MD5.11E8D8272FDBE213ADE3DAD91427CE35] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe   [11322880] [PID.2092]
[MD5.B332E8E6EA1E0A8C6A889A7013E8F665] - (.F-Secure Corporation - F-Secure Settings and Statistics.) -- C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSM32.exe   [201376] [PID.8352]
[MD5.A2418D3C557C0A0C634DA713A8AC3789] - (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe   [205336] [PID.5724]
[MD5.8AC10EC7431ABCB52A74CC9236907EB7] - (.CANON INC. - Canon Quick Menu.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.exe   [1282120] [PID.5824]
[MD5.0CFBE0CB0AB8FF450A631DD80F82B7BD] - (...) -- C:\Program Files (x86)\BrowseForTheCause\BrowseForTheCause.exe   [3744104] [PID.7376]  =Adware.BrowseForTheCause
[MD5.2337EC951C4AF6E1AF65D10BD9615BEB] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin   [11314688] [PID.5280]
[MD5.26B54BFD5CBC33FA1D71FBE87849289B] - (.CANON INC. - Canon Quick Menu Updater.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.exe   [1088088] [PID.9328]
[MD5.CEFE852859CBCA9BA15DB6EE7F0DD6A5] - (.CANON INC. - Canon Quick Menu Image Display.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe   [989800] [PID.7972]
[MD5.C8A8321292A459B0A17FB39A782A5C74] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe   [806096] [PID.2660]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8339968] [PID.1272]
[MD5.67A95B9D129ED5399E7965CD09CF30E7] - (.Logitech Inc. - Logitech User mode UMVPF service.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe   [450848] [PID.1044]
[MD5.25FDF58009C2C666FE0A5BB7AA319447] - (.337 Technology Limited. - dsk service.) -- C:\Program Files (x86)\Desk 365\deskSvc.exe   [425008] [PID.1284]  =Hijacker.22Find
[MD5.D1EBE337782B1F32A52C0C80A98FC08B] - (.Cherished Technololgy LIMITED - IePlugin Service.) -- C:\ProgramData\IePluginService\PluginService.exe   [508016] [PID.1440]  =Trojan.SProtector
[MD5.39531D54F2AFA4473BB4A97F64E99271] - (.Cherished Technololgy LIMITED - WPM Service.) -- C:\ProgramData\WPM\wprotectmanager.exe   [493568] [PID.1480]  =PUP.WpManager
[MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe   [514232] [PID.1880]
[MD5.D0968119EAFB486A94DAA3436B89E638] - (.F-Secure Corporation - F-Secure Anti-Virus Scanning Service.) -- C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe   [221856] [PID.2004]
[MD5.2521186EB2D48F27257DFE019F397E36] - (.F-Secure Corporation - F-Secure Management Agent.) -- C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSMA32.exe   [189088] [PID.1472]
[MD5.B062ACD6EE9ACB6714ADE76B4AE33965] - (.F-Secure Corporation - F-Secure Gatekeeper Handler 32-bit.) -- C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\FSGK32.exe   [585256] [PID.1612]
[MD5.C5E4602D85029C666A42890A3B2DFA45] - (.Pas de propriétaire - Inkjet Printer/Scanner/Fax Extended Survey.) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe   [140936] [PID.2228]
[MD5.C297CCF95AD7C9CD069507B256F5B954] - (.F-Secure Corporation - F-Secure DLL Hosting Plugin.) -- C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSHDLL32.exe   [90784] [PID.2292]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe   [418376] [PID.2476]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe   [701512] [PID.2544]
[MD5.075CDE4F95ED6119B4BA9162876801F8] - (.PDF Complete Inc - Dispatcher.) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe   [1128952] [PID.1016]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe   [207528] [PID.4048]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe   [523944] [PID.4124]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe   [822504] [PID.4624]
[MD5.45303CDBC1FD8F8D371E726BF126F771] - (.F-Secure Corporation - F-Secure ORSP Service.) -- C:\Program Files (x86)\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe   [60352] [PID.3692]
[MD5.9EE8B661C4672E44B64666704F2EAD70] - (.F-Secure Corporation - F-Secure Scanner Manager 32-bit.) -- C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fssm32.exe   [1078312] [PID.4756]
[MD5.20C3D8E800F3BDDC763A81166411A6DA] - (.F-Secure Corporation - F-Secure Anti-Virus Handler 32-bit.) -- C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsav32.exe   [563648] [PID.8844]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe   [0] [PID.1728]
~ Processes Running:  Scanned in 00mn 06s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\bureau\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.awesomehp.com =PUP.Awesomehp
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.awesomehp.com =PUP.Awesomehp
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pkndmigholgfjlniaohblojbhgjbkakn] Lightning speedDial v.1.1.7, (Activé)
~ Google Browser: 15 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
C:\Users\bureau\AppData\Roaming\Mozilla\Firefox\Profiles\63pctuxd.default\prefs.js
M3 - MFPP: Plugins - [bureau] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\awesomehp.xml =PUP.Awesomehp
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll
~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoom.com =Hijacker.NationZoom
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com =Hijacker.NationZoom
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com =Hijacker.NationZoom
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com =Hijacker.NationZoom
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com =Hijacker.NationZoom
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com =Hijacker.NationZoom
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IETabPage Class [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\SupTab\SupTab.dll
O2 - BHO: Wajam IE BHO [64Bits] - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} . (.Wajam - Wajam Internet Explorer Add-on.) -- C:\Program Files (x86)\Wajam\IE\priam_bho.dll =PUP.Wajam
~ BHO: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
O3 - Toolbar: Canon Easy-WebPrint EX - [HKLM]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} . (.CANON INC. - Easy-WebPrint EX.) -- C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar:  Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.)  -- C:\Program Files (x86)\uTorrent\uTorrent.exe =P2P.BitTorrent
O4 - GS\Program [Public]: Garantie.lnk . (...)  -- C:\SWSETUP\HP Documentation\Warranty\Warranty.pdf
O4 - GS\QuickLaunch [bureau]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.nationzoom.com =Hijacker.NationZoom
O4 - GS\TaskBar [bureau]: hpDST.lnk . (.Hewlett-Packard Company - Setup Manager.)  -- C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
O4 - GS\TaskBar [bureau]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =Hijacker.NationZoom
O4 - GS\Program [bureau]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =Hijacker.NationZoom
O4 - GS\SystemTools [bureau]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =Hijacker.NationZoom
O4 - GS\SendTo [bureau]: Desk 365.lnk . (.337 Technology Limited. - Desk 365 application.)  -- C:\Program Files (x86)\Desk 365\desk365.exe =Hijacker.22Find
~ Global Startup: 59 Legitimates Filtered in 00mn 07s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [bureau]: OpenOffice.org 3.3.lnk . (...)  -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe  =.Microsoft Corporation
O4 - HKCU\..\Run: [NBJ] . (.Ahead Software AG - Nero BackItUp Scheduler Application.) -- C:\Program Files (x86)\Ahead\Nero BackItUp\NBJ.exe
O4 - HKCU\..\Run: [Logitech Vid] . (.Logitech Inc. - Logitech Vid HD.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe  =.Skype Technologies S.A.
O4 - HKCU\..\Run: [Desk 365] . (.337 Technology Limited. - Desk 365 application.) -- C:\Program Files (x86)\Desk 365\desk365.exe =Hijacker.22Find
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe  =.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe  =.EasyBits Software AS
O4 - HKLM\..\Wow6432Node\Run: [PDF Complete] . (.PDF Complete Inc - Sentry for PDF.) -- C:\Program Files (x86)\PDF Complete\pdfsty.exe  =.PDF Complete Inc
O4 - HKLM\..\Wow6432Node\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [F-Secure Manager] . (.F-Secure Corporation - F-Secure Settings and Statistics.) -- C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSM32.exe
O4 - HKLM\..\Wow6432Node\Run: [F-Secure TNB] . (.F-Secure Corporation - TNBUtil.) -- C:\Program Files (x86)\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe
O4 - HKLM\..\Wow6432Node\Run: [LWS] . (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe  =.Logitech Inc
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [CanonQuickMenu] . (.CANON INC. - Canon Quick Menu.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.exe
O4 - HKLM\..\Wow6432Node\Run: [BrowseForTheCause] . (...) -- C:\Program Files (x86)\BrowseForTheCause\BrowseForTheCause.exe =Adware.BrowseForTheCause
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe  =.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe  =.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe  =.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe  =.Microsoft Corporation
O4 - HKUS\S-1-5-21-1078799100-2399800588-3598546305-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe  =.Microsoft Corporation
O4 - HKUS\S-1-5-21-1078799100-2399800588-3598546305-1000\..\Run: [NBJ] . (.Ahead Software AG - Nero BackItUp Scheduler Application.) -- C:\Program Files (x86)\Ahead\Nero BackItUp\NBJ.exe
O4 - HKUS\S-1-5-21-1078799100-2399800588-3598546305-1000\..\Run: [Logitech Vid] . (.Logitech Inc. - Logitech Vid HD.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
O4 - HKUS\S-1-5-21-1078799100-2399800588-3598546305-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe  =.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1078799100-2399800588-3598546305-1000\..\Run: [Desk 365] . (.337 Technology Limited. - Desk 365 application.) -- C:\Program Files (x86)\Desk 365\desk365.exe =Hijacker.22Find
~ Application:  Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2090D895-713B-49D9-A440-3E5D50C4C657}: NameServer = 76.73.6.26,50.7.75.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 76.73.6.26,50.7.75.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{2090D895-713B-49D9-A440-3E5D50C4C657}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2090D895-713B-49D9-A440-3E5D50C4C657}: NameServer = 76.73.6.26,50.7.75.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 76.73.6.26,50.7.75.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{2090D895-713B-49D9-A440-3E5D50C4C657}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2090D895-713B-49D9-A440-3E5D50C4C657}: NameServer = 76.73.6.26,50.7.75.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 76.73.6.26,50.7.75.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{2090D895-713B-49D9-A440-3E5D50C4C657}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Desk 365 service (desksvc) . (.337 Technology Limited. - dsk service.) - C:\Program Files (x86)\Desk 365\deskSvc.exe =Hijacker.22Find
O23 - Service: IePlugin Service (IePluginService) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginService\PluginService.exe =Trojan.SProtector
O23 - Service: Wpm Service (Wpm) . (.Cherished Technololgy LIMITED - WPM Service.) - C:\ProgramData\WPM\wprotectmanager.exe =PUP.WpManager
~ Services: 24 Legitimates Filtered in 01mn 04s



---\\ Tâches planifiées en automatique (O39)
[MD5.0CFBE0CB0AB8FF450A631DD80F82B7BD] [APT] [BrowseForTheCauseUpdate] (...) -- C:\Program Files (x86)\BrowseForTheCause\BrowseForTheCause.exe   [3744104]  =Adware.BrowseForTheCause
[MD5.9E195DD48C0341CEB109B5DC567854E1] [APT] [Desk 365 RunAsStdUser] (.337 Technology Limited..) -- C:\Program Files (x86)\Desk 365\desk365.exe   [1013808]  =Hijacker.22Find
~ Scheduled Task: 27 Legitimates Filtered in 00mn 10s



---\\ Logiciels installés (O42)
O42 - Logiciel: Browse for the Cause - (...) [HKLM][64Bits] -- BrowseForTheCause =Adware.BrowseForTheCause
O42 - Logiciel: Desk 365 - (.337 Technology Limited..) [HKLM][64Bits] -- Desk 365 =Hijacker.22Find
O42 - Logiciel: IePluginService12.27.0.3326 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- IePlugins =Trojan.SProtector
O42 - Logiciel: SupTab - (...) [HKLM][64Bits] -- SupTab
O42 - Logiciel: WPM17.8.0.3325 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- WPM =PUP.WpManager
O42 - Logiciel: Wajam - (.Wajam.) [HKLM][64Bits] -- Wajam =PUP.Wajam
~ Logic: 50 Legitimates Filtered in 00mn 02s



---\\ HKCU HKLM Software Keys
[HKCU\Software\BrowseForTheCause] =Adware.BrowseForTheCause
[HKCU\Software\Wajam] =PUP.Wajam
[HKLM\Software\Wow6432Node\V9]
[HKLM\Software\Wow6432Node\Wpm] =PUP.WpManager
[HKLM\Software\Wow6432Node\deskSvc]
[HKLM\Software\Wow6432Node\supTab]
[HKLM\Software\Wow6432Node\supWPM] =PUP.WpManager
~ Key Software: 350 Legitimates Filtered in 00mn 02s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/01/2014 - 11:35:12 - [3,571] ----D C:\Program Files (x86)\BrowseForTheCause =Adware.BrowseForTheCause
O43 - CFD: 28/01/2014 - 11:41:37 - [10,575] ----D C:\Program Files (x86)\Desk 365 =Hijacker.22Find
O43 - CFD: 27/02/2012 - 16:10:12 - [102,933] ----D C:\Program Files (x86)\Free VCL
O43 - CFD: 28/01/2014 - 11:33:40 - [2,315] ----D C:\Program Files (x86)\SupTab
O43 - CFD: 28/01/2014 - 11:36:55 - [0,892] ----D C:\Program Files (x86)\Wajam =PUP.Wajam
O43 - CFD: 28/01/2014 - 11:34:39 - [33,331] ----D C:\Program Files (x86)\Common Files\337
O43 - CFD: 28/01/2014 - 11:33:41 - [0,484] ----D C:\ProgramData\IePluginService =Trojan.SProtector
O43 - CFD: 28/01/2014 - 11:32:57 - [0,471] ----D C:\ProgramData\WPM =PUP.WpManager
O43 - CFD: 06/01/2012 - 05:28:07 - [44,625] ----D C:\ProgramData\{95164853-C885-4648-BEAA-E04328156EF0}
O43 - CFD: 28/01/2014 - 11:45:20 - [17,496] ----D C:\Users\bureau\AppData\Roaming\Desk 365 =Hijacker.22Find
O43 - CFD: 28/01/2014 - 11:36:33 - [0,031] ----D C:\Users\bureau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam =PUP.Wajam
~ 9 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 185 Legitimates Filtered in 00mn 41s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.95D7F3E59526D4B280276423A243478A] - 28/01/2014 - 11:36:55 ---A- . (...) -- C:\end   [5529]
~ Files: 24 Legitimates Filtered in 03mn 58s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:[MD5.7315593DAE6C00E378B3A812640AE44E] - 02/09/2005 - 01:40:26 ---A- . (...) -- C:\Windows\System32\Drivers\FBIKB_NT.Sys   [4352]
O58 - SDL:[MD5.F59F2C574AA5D84477EB89F87C938F16] - 12/11/2012 - 16:06:54 ---A- . (...) -- C:\Windows\System32\Drivers\fsbts.sys   [56016]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:[MD5.F87FBE8B104DF9C35CD52909B8D28A4A] - 12/11/2012 - 16:00:59 ---A- . (...) -- C:\Windows\SysWOW64\drivers\fsbts.sys   [33408]
~ Drivers: 21 Legitimates Filtered in 00mn 09s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) --  C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =PUP.Awesomehp
~ Keys:  Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [bureau - 63pctuxd.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys:  Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.F24D03DB0A3FAA8688B55211BFB67854] [SPRF][28/01/2014] (.Skytech Co., Ltd. - Skytech.) -- C:\Users\bureau\AppData\Local\Temp\adks_nationzoom.exe   [885400]  =Hijacker.NationZoom
[MD5.0CFBE0CB0AB8FF450A631DD80F82B7BD] [SPRF][28/01/2014] (...) -- C:\Users\bureau\AppData\Local\Temp\forcause-ak.exe   [3744104]
[MD5.3DF9C822FFD4245403113A555A27357F] [SPRF][12/01/2014] (...) -- C:\Users\bureau\AppData\Local\Temp\Quarantine.exe   [360073]
[MD5.27223EA1C4ED2BFE0685161DC0555FB8] [SPRF][28/01/2014] (...) -- C:\Users\bureau\AppData\Local\Temp\temp.bat   [297]
[MD5.B0F6507F8666E89DD9F192313D88EB98] [SPRF][16/06/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\bureau\AppData\Local\Temp\uninst1.exe   [389632]  =PUP.Babylon
[MD5.CDC339910694FD0C5BEFAAC38261CD06] [SPRF][28/01/2014] (...) -- C:\Users\bureau\AppData\Local\Temp\Wajam_download.exe   [61632]  =PUP.Wajam
~ Files: 6 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/10/2010 206072 |  (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Demand 02/08/2013 602944 |  (McODS) . (.McAfee, Inc..) - C:\Program Files\McAfee\VirusScan\mcods.exe
SS - | Auto 13/07/2012 160944 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 25/10/2013 114176 |  (WajamUpdaterV3) . (.Wajam.) - C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe =PUP.Wajam
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =.Microsoft Corporation

SR - | Auto 01/07/2011 204288 |  (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 28/01/2014 425008 |  (desksvc) . (.337 Technology Limited..) - C:\Program Files (x86)\Desk 365\deskSvc.exe =Hijacker.22Find
SR - | Auto 10/07/1658 0 |  (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe  =.EasyBits Software AS
SR - | Auto 12/08/2011 221856 |  (F-Secure Gatekeeper Handler Starter) . (.F-Secure Corporation.) - C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe
SR - | Demand 12/08/2011 907936 |  (FSDFWD) . (.F-Secure Corporation.) - C:\Program Files (x86)\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe
SR - | Auto 12/08/2011 189088 |  (FSMA) . (.F-Secure Corporation.) - C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSMA32.exe
SR - | Demand 06/06/2013 60352 |  (FSORSPClient) . (.F-Secure Corporation.) - C:\Program Files (x86)\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe
SR - | Auto 30/07/2013 328928 |  (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 11/10/2010 346168 |  (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SR - | Auto 14/01/2014 508016 |  (IePluginService) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginService\PluginService.exe =Trojan.SProtector
SR - | Auto 14/05/2013 140936 |  (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SR - | Auto 04/04/2013 418376 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 31/08/2012 201304 |  (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
SR - | Auto 28/11/2013 178048 |  (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 328928 |  (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 |  (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 |  (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 |  (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 26/11/2013 1025232 |  (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 04/11/2013 219272 |  (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 04/11/2013 182752 |  (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 30/07/2013 328928 |  (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 06/05/2011 1128952 |  (pdfcDispatcher) . (.PDF Complete Inc.) - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
SR - | Auto 18/01/2012 450848 |  (UMVPFSrv) . (.Logitech Inc..) - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
SR - | Auto 28/01/2014 493568 |  (Wpm) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\WPM\wprotectmanager.exe =PUP.WpManager
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services:  Scanned in 00mn 34s



---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 36
Valeurs trouvées (Values found) : 8
Dossiers trouvés  (Folders found) : 10
Fichiers trouvés  (Files found) : 12

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}]   =PUP.Wajam^
[HKLM\SYSTEM\CurrentControlSet\Services\desksvc]   =Hijacker.22Find^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginService]   =Trojan.SProtector^
[HKLM\SYSTEM\CurrentControlSet\Services\Wpm]   =PUP.WpManager^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowseForTheCause]   =Adware.BrowseForTheCause^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desk 365]   =Hijacker.22Find^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins]   =Trojan.SProtector^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM]   =PUP.WpManager^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Wajam]   =PUP.Wajam^
[HKLM\Software\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}]   =Toolbar.Wajam
[HKLM\Software\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}]   =Toolbar.Wajam
[HKLM\Software\Wow6432Node\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}]   =Toolbar.Wajam
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]   =PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]   =PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]   =PUP.V9Software
[HKLM\Software\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}]   =Toolbar.Wajam
[HKLM\Software\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}]   =Toolbar.Wajam
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}]   =Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}]   =Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}]   =Toolbar.Agent
[HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}]   =Toolbar.Wajam
[HKLM\Software\Wow6432Node\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}]   =Toolbar.Wajam
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater]   =Toolbar.Wajam
[HKCU\Software\BrowseForTheCause]   =Adware.BrowseForTheCause
[HKLM\Software\Wow6432Node\BrowseForTheCause]   =Adware.BrowseForTheCause
[HKLM\Software\Classes\AppID\priam_bho.DLL]   =Toolbar.Wajam
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Desk 365]   =Hijacker.22find
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc]   =Hijacker.22find
[HKLM\Software\Classes\wajam.WajamBHO]   =PUP.Wajam
[HKLM\Software\Classes\wajam.WajamBHO.1]   =PUP.Wajam
[HKLM\Software\Classes\wajam.WajamDownloader]   =PUP.Wajam
[HKLM\Software\Classes\wajam.WajamDownloader.1]   =PUP.Wajam
[HKLM\Software\Wow6432Node\Classes\wajam.WajamBHO]   =PUP.Wajam
[HKLM\Software\Wow6432Node\Classes\wajam.WajamBHO.1]   =PUP.Wajam
[HKLM\Software\Wow6432Node\Classes\wajam.WajamDownloader]   =PUP.Wajam
[HKLM\Software\Wow6432Node\Classes\wajam.WajamDownloader.1]   =PUP.Wajam
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Desk 365   =Hijacker.22Find^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:BrowseForTheCause   =Adware.BrowseForTheCause^
C:\Program Files (x86)\BrowseForTheCause   =Adware.BrowseForTheCause^
C:\Program Files (x86)\Desk 365   =Hijacker.22Find^
C:\Program Files (x86)\Wajam   =PUP.Wajam^
C:\ProgramData\IePluginService   =Trojan.SProtector^
C:\ProgramData\WPM   =PUP.WpManager^
C:\Users\bureau\AppData\Roaming\Desk 365   =Hijacker.22Find^
C:\Users\bureau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam   =PUP.Wajam^
C:\Program Files (x86)\Common Files\337   =Hijacker.22find
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365   =Hijacker.22find
C:\Users\bureau\AppData\Local\Temp\Desk365   =Hijacker.22find
C:\Program Files (x86)\BrowseForTheCause\BrowseForTheCause.exe   =Adware.BrowseForTheCause^
C:\Program Files (x86)\Desk 365\deskSvc.exe   =Hijacker.22Find^
C:\ProgramData\IePluginService\PluginService.exe   =Trojan.SProtector^
C:\ProgramData\WPM\wprotectmanager.exe   =PUP.WpManager^
C:\Program Files (x86)\Desk 365\desk365.exe   =Hijacker.22Find^
[HKCU\Software\Wajam]   =PUP.Wajam^
[HKLM\Software\Wow6432Node\Wpm]   =PUP.WpManager^
[HKLM\Software\Wow6432Node\supWPM]   =PUP.WpManager^
C:\Users\bureau\AppData\Local\Temp\adks_nationzoom.exe   =Hijacker.NationZoom^
C:\Users\bureau\AppData\Local\Temp\uninst1.exe   =PUP.Babylon^
C:\Users\bureau\AppData\Local\Temp\Wajam_download.exe   =PUP.Wajam^
~ Additionnel Scan: 240104 Items scanned in 01mn 53s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blo ... orthecause  =Adware.BrowseForTheCause
~ http://nicolascoolman.webs.com/apps/blo ... ker-22find   =Hijacker.22Find
~ http://nicolascoolman.webs.com/apps/blo ... sprotector   =Trojan.SProtector
~ http://nicolascoolman.webs.com/apps/blo ... -wpmanager   =PUP.WpManager
~ http://nicolascoolman.webs.com/apps/blo ... -awesomehp   =PUP.Awesomehp
~ http://nicolascoolman.webs.com/apps/blo ... nationzoom    =Hijacker.NationZoom
~ http://nicolascoolman.webs.com/apps/blo ... lbar-wajam   =PUP.Wajam
~ http://nicolascoolman.webs.com/apps/blo ... ar-babylon  =PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blo ... v9software   =PUP.V9Software
~ MSI: 9 link(s) detected in 01mn 53s



~ 1185 Legitimates filtered by white list
End of the scan (529 lines in 11mn 22s)(0)


How can I get rid of awesomehp?
THANKS
by Dori@n
#101361
Where does your problem stand?

Two possibilities:
  • Your problem is solved, in which case please remember to let us know.
  • Your problem is still ongoing, in which case please tell us what is wrong and keep us updated regularly.


    See you soon on FEI!
by danieled
#101377
I had a look (maybe not with the right eye) at the replies. I don't understand any of it. Help! Can someone guide me step by step?
by Dori@n
#110569
Hello,

This topic has not received a reply from its author for more than 15 days. It is therefore considered archived.
Next time, please keep us informed of how your problem is progressing, or bump the topic regularly.

This topic is locked. If you wish to reopen it or report that it is solved, please contact a member of the forum's moderation team by private message.

See you soon on FEI!