FORUM D’ENTRAIDE INFORMATIQUE (FEI)
Computer assistance and security site

Disinfection help (advertising pages, replaced search engine, redirects, viruses...).
Forum rules: mutual help concerning disinfection and computer security: in case of unwanted advertisements, pop-ups, redirects, unwanted software, suspicious slowdowns, viruses, etc.
A complete disinfection will be provided: disinfection, securing, then prevention.
Only the helpers (people qualified and trained in disinfection) and the staff are allowed to provide help in this section.
Please also read the general forum charter.
by chandrakauns.
#102068
My PC is infected by: virus HKCU\Software\VB and VBA Program Settings\INSTAL. I used Malwarebytes Pro, which recognizes it but cannot remove it. I also used RegCleaner and several anti-rootkit logs; my antivirus ESET Smart does not see it. It reinitializes itself with WinRAR, which tells me a file is corrupt. I used OTL, which generated a gigantic report. I tried everything I found on the net without success. Thanks for your help.
#102121
My PC is infected by: virus HKCU\Software\VB and VBA Program Settings\INSTAL. I used Malwarebytes Pro, which recognizes it but cannot remove it. I also used RegCleaner and several anti-rootkit logs; my antivirus ESET Smart does not see it. It reinitializes itself with WinRAR, which tells me a file is corrupt. I used OTL, which generated a gigantic report. I tried everything I found on the net without success. Thanks for your help.

I am registered on the forum, please take my problem into consideration. Here is the MBAM report:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
http://www.malwarebytes.org

Version de la base de données: v2014.02.07.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Nathan :: ORDINATEUR [administrateur]

Protection: Activé

08/02/2014 10:41:10
mbam-log-2014-02-08 (10-41-10).txt

Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 363618
Temps écoulé: 50 minute(s), 31 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) - Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 1
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce|sidebar (Trojan.Agent) - Données: C:\Users\Nathan\AppData\Roaming\Sample.lnk - Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)
#102583
[quote="2011N2"]Re,

OK.

Run a diagnostic of your PC with ZHPDiag and post the hosted report: http://www.forum-entraide-informatique. ... g-tutoriel

Gabriel.[/quote]

Report:
Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 45 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 3/1256
~ Mes musiques (My Musics) : 6/2388
~ Mes Videos (My Videos) : 1/37
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 5/4553
~ Mon Bureau (My Desktop) : 1/39
~ Menu demarrer (Programs) : 1/45
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2704]
[MD5.E52D0E4549EDB9FE5C1739E98105DC4D] - (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3813712] [PID.2840]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.4008]
[MD5.112918781F4E0E5A123DC760948E81EB] - (.FSL - Powerful replacement of Win Built-In Search.) -- C:\Program Files (x86)\FSL\SuperFinder\SuperFinder.exe [2081792] [PID.3668]
[MD5.34AA912DEFA18C2C129F1E09D75C1D7E] - (.Microsoft Corporation - Visual Basic Command Line Compiler.) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe [1169224] [PID.3284]
[MD5.BDEFC081D02C162DCB90738BE432D66B] - (.Easybits - Software update notification.) -- C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504] [PID.2612]
[MD5.FFC67949EF7C2BF307ED91B293581DD2] - (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\opera.exe [879456] [PID.656]
[MD5.47D7F5E049E3FAA24176FB92859C552B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8333824] [PID.4924]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1476]
[MD5.A5BEA0E5C297F5F3835638A87E512FBA] - (.Creative Technology Ltd - CTDevSrv Window Service Application.) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440] [PID.1568]
[MD5.C7BB95CF9631AA401E4ADED1648F6AF7] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [974944] [PID.1600]
[MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.1680]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1928]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1952]
[MD5.9C1D7006D7EC85BE953C56570BB7B30E] - (.PDF Complete Inc - Dispatcher.) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448] [PID.1980]
[MD5.958E956E119EB7B9ABA142AFED1B5FF4] - (...) -- C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe [186760] [PID.2044]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176] [PID.3184]
~ Processes Running: Scanned in 00mn 00s



---\\ Opera, Plugins,Démarrage,Recherche (P1,B0,B1)
B1 - OSP: search.ini [Nathan] URL=http://mystart.incredimail.com/mb68/?lo ... 9636414028 =Spyware.VMNToolbar
B1 - OSP: search.ini [Nathan] URL=http://start.mysearchdial.com/?f=4q=%s =Adware.MyWebSearch
~ Opera Browser: 3 Legitimates Filtered in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.awesomehp.com =PUP.Awesomehp
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.awesomehp.com =PUP.Awesomehp
G0 - GCSP: Preference [User Data\Default] http://www.awesomehp.com =PUP.Awesomehp
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé)
~ Google Browser: 14 Legitimates Filtered in 00mn 12s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@lightspark.github.com/Lightspark;version=1] - (.Pas de propriétaire - Flash.) -- C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll
~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =PUP.Awesomehp
~ IE Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = =Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8888;https=127.0.0.1:8888 =Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 60



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Bing Bar - [HKLM]{eec0f710-38b5-4aba-99bf-ec87564a4e13} . (.Microsoft Corporation. - Bing Client Extensions.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll =Toolbar.Bing
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Aggiorna ESET license.lnk . (.GuillerSoft - Lanzador de ESET Antivirus License Finder (.) -- C:\Program Files (x86)\ESET\MiNODLogin\launcher.exe
O4 - GS\Desktop [Public]: Applian Director.lnk . (.Applian Technologies Inc. - Applian Director.) -- C:\Program Files (x86)\Applian Director\Director.exe
O4 - GS\Desktop [Public]: Creative Centrale.lnk . (.Creative Technology Ltd - Creative Centrale.) -- C:\Program Files (x86)\Creative\Creative Centrale\Centrale.exe
O4 - GS\Desktop [Public]: Enregistrement du produit Creative.lnk . (.Creative Technology Ltd - Product Registration Program.) -- C:\Program Files (x86)\Creative\Enregistrement du produit\French\InetReg.exe
O4 - GS\Desktop [Public]: EPSON File Manager.lnk . (.SEIKO EPSON CORPORATION - EPSON File Manager.) -- C:\Program Files (x86)\epson\Creativity Suite\File Manager\EFileManager.exe
O4 - GS\Desktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) -- C:\Windows\twain_32\escndv\escndv.exe
O4 - GS\Desktop [Public]: foobar2000.lnk . (...) -- C:\Program Files (x86)\foobar2000\foobar2000.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =PUP.Awesomehp
O4 - GS\Desktop [Public]: Magic Desktop.lnk . (.EasyBits Software AS - EasyBits Security Shield.) -- C:\Program Files (x86)\EasyBits For Kids\ezSecShield.exe =.EasyBits Software AS
O4 - GS\Desktop [Public]: Medieval CUE Splitter.lnk . (...) -- C:\Program Files (x86)\Medieval Software\Medieval CUE Splitter\CUE_Splitter.exe
O4 - GS\Desktop [Public]: mIRC.lnk . (.mIRC Co. Ltd. - mIRC.) -- C:\Program Files (x86)\mIRC\mirc.exe
O4 - GS\Desktop [Public]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\opera.exe http://www.awesomehp.com =PUP.Awesomehp
O4 - GS\Desktop [Public]: ProShow Producer.lnk . (.Photodex - ProShow.) -- C:\Program Files (x86)\Photodex\ProShowProducer\proshow.exe
O4 - GS\Desktop [Public]: Replay Music 5.lnk . (.(Author: Mike Christensen) Applian Technolo - Replay Music.) -- C:\Program Files (x86)\Replay Music 5\ReplayMusic.exe
O4 - GS\Program [Public]: foobar2000.lnk . (...) -- C:\Program Files (x86)\foobar2000\foobar2000.exe
O4 - GS\Program [Public]: Garantie.lnk . (...) -- C:\swsetup\HP Documentation\Warranty\Warranty.pdf
O4 - GS\Program [Public]: Magic Desktop.lnk . (.EasyBits Software AS - EasyBits Security Shield.) -- C:\Program Files (x86)\EasyBits For Kids\ezSecShield.exe =.EasyBits Software AS
O4 - GS\Program [Public]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\opera.exe http://www.awesomehp.com =PUP.Awesomehp
O4 - GS\QuickLaunch [Nathan]: Applian Director.lnk . (.Applian Technologies Inc. - Applian Director.) -- C:\Program Files (x86)\Applian Director\Director.exe
O4 - GS\QuickLaunch [Nathan]: Arena.lnk . (...) -- C:\Program Files (x86)\DofusArena\UpLauncher.exe
O4 - GS\QuickLaunch [Nathan]: DeepBurner.lnk . (.Astonsoft - CD/DVD recording software.) -- C:\Program Files (x86)\Astonsoft\DeepBurner\DeepBurner.exe
O4 - GS\QuickLaunch [Nathan]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =PUP.Awesomehp
O4 - GS\QuickLaunch [Nathan]: GrabIt.lnk . (...) -- C:\Program Files (x86)\GrabIt\GrabIt.exe
O4 - GS\QuickLaunch [Nathan]: ID3 Tag Editor.lnk . (.Abyssmedia.com - ID3 Tag Editor.) -- C:\Program Files (x86)\Abyssmedia\ID3 Tag Editor\tageditor.exe
O4 - GS\QuickLaunch [Nathan]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.awesomehp.com =PUP.Awesomehp
O4 - GS\QuickLaunch [Nathan]: ProShow Producer.lnk . (.Photodex - ProShow.) -- C:\Program Files (x86)\Photodex\ProShowProducer\proshow.exe
O4 - GS\QuickLaunch [Nathan]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Nathan\AppData\Roaming\uTorrent\uTorrent.exe =BitTorrent
O4 - GS\TaskBar [Nathan]: AUTO-POST 2000.lnk . (...) -- C:\Users\Nathan\Pictures\YencPowerPostAA11b_FR.exe
O4 - GS\TaskBar [Nathan]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =PUP.Awesomehp
O4 - GS\TaskBar [Nathan]: HP LinkUp Viewer.lnk . (.Hewlett-Packard Company - HP LinkUp Viewer.) -- C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
O4 - GS\TaskBar [Nathan]: hpDST.lnk . (.Hewlett-Packard Company - Setup Manager.) -- C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
O4 - GS\TaskBar [Nathan]: Opera11.50 1074.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\opera.exe http://www.awesomehp.com =PUP.Awesomehp
O4 - GS\Program [Nathan]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =PUP.Awesomehp
O4 - GS\Program [Nathan]: WipeFile.lnk . (.Werner Rumpeltesz - WipeFile.) -- C:\Users\Nathan\Pictures\WipeFile.exe
O4 - GS\SystemTools [Nathan]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =PUP.Awesomehp
O4 - GS\SendTo [Nathan]: WipeFile.lnk . (...) -- C:\Users\Nathan\Documents\WipeFile.exe (.not file.)
O4 - GS\Desktop [Nathan]: Auslogics Disk Defrag.lnk . (.Auslogics - Disk Defrag.) -- C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
O4 - GS\Desktop [Nathan]: AVS Audio Editor.lnk . (.Online Media Technologies Ltd. - AVS Audio Editor.) -- C:\Program Files (x86)\AVS4YOU\AVSAudioEditor\AVSAudioEditor.exe
O4 - GS\Desktop [Nathan]: AVS Audio Recorder.lnk . (...) -- C:\Program Files (x86)\AVS4YOU\AVSAudioRecorder\AVSAudioRecorder.exe
O4 - GS\Desktop [Nathan]: Continue Codec Package Installation.lnk . (...) -- C:\Users\Nathan\AppData\Local\Temp\ICReinstall_CodecPackage.exe
O4 - GS\Desktop [Nathan]: DeepBurner.lnk . (.Astonsoft - CD/DVD recording software.) -- C:\Program Files (x86)\Astonsoft\DeepBurner\DeepBurner.exe
O4 - GS\Desktop [Nathan]: FileZilla.lnk . (.FileZilla Project - FileZilla FTP Client.) -- C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
O4 - GS\Desktop [Nathan]: GrabIt.lnk . (...) -- C:\Program Files (x86)\GrabIt\GrabIt.exe
O4 - GS\Desktop [Nathan]: hjsplit - Raccourci.lnk . (.Freebyte.com - HJSplit.) -- C:\Users\Nathan\Downloads\hjsplit.exe
O4 - GS\Desktop [Nathan]: HP Support Assistant.lnk . (.Hewlett-Packard Company - HP Support Assistant.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe =.Hewlett-Packard Co
O4 - GS\Desktop [Nathan]: ID3 Tag Editor.lnk . (.Abyssmedia.com - ID3 Tag Editor.) -- C:\Program Files (x86)\Abyssmedia\ID3 Tag Editor\tageditor.exe
O4 - GS\Desktop [Nathan]: MCEdit.lnk . (...) -- C:\Users\Nathan\AppData\Local\MCEdit\MCEditData\main.exe
O4 - GS\Desktop [Nathan]: outils pour trvailler - Raccourci.lnk . (...) -- C:\Users\Nathan\Pictures\outils pour trvailler
O4 - GS\Desktop [Nathan]: RegCleaner.lnk . (...) -- C:\Program Files (x86)\RegCleaner\RegCleanr.exe
O4 - GS\Desktop [Nathan]: SABnzbd.lnk . (...) -- C:\Program Files (x86)\SABnzbd\SABnzbd.exe
O4 - GS\Desktop [Nathan]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Nathan\AppData\Roaming\uTorrent\uTorrent.exe =BitTorrent
~ Global Startup: 117 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: Aggiorna ESET license.lnk . (.GuillerSoft - Lanzador de ESET Antivirus License Finder (.) -- C:\Program Files (x86)\ESET\MiNODLogin\launcher.exe
O4 - GS\Startup [Nathan]: Super Finder XT.lnk . (.FSL - Powerful replacement of Win Built-In Search.) -- C:\Program Files (x86)\FSL\SuperFinder\SuperFinder.exe
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe =.Hewlett-Packard Co
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =.Microsoft Corporation
O4 - HKLM\..\Run: [egui] . (.ESET - ESET GUI.) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [googletalk] . (.Google - Google Talk.) -- C:\Users\Nathan\AppData\Roaming\Google\Google Talk\googletalk.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKCU\..\Run: [Microsoft® Windows®] . (.Microsoft Corporation - Microsoft® Windows®.) -- C:\Users\Nathan\AppData\Local\Temp\svchos.exe
O4 - HKCU\..\RunOnce: [sidebar] . (...) -- C:\Users\Nathan\AppData\Roaming\Sample.lnk
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe =.EasyBits Software AS
O4 - HKLM\..\Wow6432Node\Run: [PDF Complete] . (.PDF Complete Inc - Sentry for PDF.) -- C:\Program Files (x86)\PDF Complete\pdfsty.exe =.PDF Complete Inc
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Magic Desktop for HP notification] . (.Easybits - Software update notification.) -- C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
O4 - HKLM\..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-21-1910070155-2677529672-188686300-1000\..\Run: [googletalk] . (.Google - Google Talk.) -- C:\Users\Nathan\AppData\Roaming\Google\Google Talk\googletalk.exe
O4 - HKUS\S-1-5-21-1910070155-2677529672-188686300-1000\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKUS\S-1-5-21-1910070155-2677529672-188686300-1000\..\Run: [Microsoft® Windows®] . (.Microsoft Corporation - Microsoft® Windows®.) -- C:\Users\Nathan\AppData\Local\Temp\svchos.exe
O4 - HKUS\S-1-5-21-1910070155-2677529672-188686300-1000\..\RunOnce: [sidebar] . (...) -- C:\Users\Nathan\AppData\Roaming\Sample.lnk
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD7B5DBB-5080-43B8-995F-B71967888B65}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{BD7B5DBB-5080-43B8-995F-B71967888B65}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{BD7B5DBB-5080-43B8-995F-B71967888B65}: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (.not file.) =Toolbar.Conduit
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ScsiAccess (ScsiAccess) . (...) - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
~ Services: 14 Legitimates Filtered in 00mn 05s



---\\ Tâches planifiées en automatique (O39)
[MD5.87734D8E0334C11BE5147AE80239FC4D] [APT] [{0F1E95A9-60FC-43FD-B7CB-53F3AC6041B7}] (...) -- C:\Users\Nathan\Pictures\NetPass_2.0.exe [164247]
[MD5.E2CCF45E655AAF5D1AB8731FB0241A50] [APT] [{133D3B8E-AC6B-4DFE-916A-D27184222AD0}] (...) -- C:\Windows\Replay Music\uninstall.exe [473600]
[MD5.FFC67949EF7C2BF307ED91B293581DD2] [APT] [{5C0AE250-9054-482F-B881-2FE25F50C99C}] (.Opera Software.) -- c:\program files (x86)\opera\opera.exe [879456]
[MD5.FFC67949EF7C2BF307ED91B293581DD2] [APT] [{68FE723B-8696-43DD-9689-2386C414FBBD}] (.Opera Software.) -- c:\program files (x86)\opera\opera.exe [879456]
[MD5.81AE27CBD482838F99A2AA537AAC912B] [APT] [{77FC23E5-3655-49CE-BE11-4C707C5CE57D}] (...) -- C:\Users\Nathan\Pictures\epson324565eu.exe [10373632]
[MD5.00000000000000000000000000000000] [APT] [{B18BE69D-43B9-4D2F-A5AB-D83280919FF9}] (...) -- C:\Users\Nathan\Downloads\GrabIt Downloads\Everest Ultimate\Everest Ultimate Edition 5.50.2100.exe (.not file.) [0]
[MD5.FFC67949EF7C2BF307ED91B293581DD2] [APT] [{C2C5562D-230A-4B5A-9BCA-B85984730556}] (.Opera Software.) -- c:\program files (x86)\opera\opera.exe [879456]
[MD5.FFC67949EF7C2BF307ED91B293581DD2] [APT] [{CA8D3317-3EFC-444E-8AEB-E0A1DE840F26}] (.Opera Software.) -- c:\program files (x86)\opera\opera.exe [879456]
[MD5.81AE27CBD482838F99A2AA537AAC912B] [APT] [{D7D137E6-B4FA-4EEF-809C-0512FA16FA05}] (...) -- C:\Users\Nathan\Downloads\GrabIt Downloads\epson324565eu.exe [10373632]
~ Scheduled Task: 37 Legitimates Filtered in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: FoxTab Video Converter - (...) [HKCU][64Bits] -- FoxTab Video Converter
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM][64Bits] -- {18DB3375-0649-4EA3-959A-44F1ACD278BA}
~ Logic: 33 Legitimates Filtered in 00mn 00s



---\\ HKCU HKLM Software Keys
[HKCU\Software\2205]
[HKCU\Software\AutoScan]
[HKCU\Software\IncrediMail]
[HKCU\Software\Pando Networks]
[HKCU\Software\Pinstall]
[HKCU\Software\Zona]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\Pando Networks]
[HKLM\Software\Wow6432Node\Wpm] =PUP.WpManager
[HKLM\Software\Wow6432Node\eMusic.com Inc.]
[HKLM\Software\Wow6432Node\flash-Enhancer] =Adware.FlashEnhancer
[HKLM\Software\Wow6432Node\supTab] =PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =PUP.WpManager
~ Key Software: 469 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/01/2014 - 22:49:33 - [0] ----D C:\Program Files (x86)\AmiExt =Adware.FlashEnhancer
O43 - CFD: 04/02/2012 - 13:42:23 - [4,924] ----D C:\Program Files (x86)\FSL
O43 - CFD: 30/08/2011 - 13:17:57 - [7,120] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 08/09/2011 - 18:16:59 - [0] ----D C:\ProgramData\IM
O43 - CFD: 08/09/2011 - 18:16:18 - [5,644] ----D C:\ProgramData\IncrediMail
O43 - CFD: 28/01/2014 - 22:50:20 - [0] ----D C:\ProgramData\WPM =PUP.WpManager
O43 - CFD: 31/01/2014 - 22:53:59 - [0] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 31/01/2014 - 22:53:59 - [0] --H-D C:\ProgramData\{26D901A1-2540-4430-81DC-0317F01BD7BE}
O43 - CFD: 31/01/2014 - 22:54:00 - [0] --H-D C:\ProgramData\{A16967D8-8459-420A-8C25-9C9A247D348E}
O43 - CFD: 31/01/2014 - 22:54:00 - [0] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 20/09/2013 - 05:58:35 - [0] RSH-D C:\Users\Nathan\AppData\Roaming\-2122348027
O43 - CFD: 26/07/2013 - 21:08:17 - [0] ----D C:\Users\Nathan\AppData\Roaming\Asni
O43 - CFD: 25/12/2012 - 10:17:21 - [21,789] ----D C:\Users\Nathan\AppData\Roaming\Befy
O43 - CFD: 08/02/2014 - 12:36:14 - [0,182] ----D C:\Users\Nathan\AppData\Roaming\DataWork
O43 - CFD: 26/03/2006 - 14:05:50 - [6,154] ----D C:\Users\Nathan\AppData\Roaming\Defender WIndows
O43 - CFD: 07/11/2012 - 11:00:09 - [15,074] ----D C:\Users\Nathan\AppData\Roaming\Fyuzig
O43 - CFD: 21/07/2013 - 16:00:34 - [3,617] ----D C:\Users\Nathan\AppData\Roaming\Miat
O43 - CFD: 28/01/2014 - 22:31:57 - [1,228] ----D C:\Users\Nathan\AppData\Roaming\newnext.me =PUP.NextLive
O43 - CFD: 21/07/2013 - 16:01:07 - [0] ----D C:\Users\Nathan\AppData\Roaming\Opran
O43 - CFD: 25/12/2012 - 10:17:21 - [0] ----D C:\Users\Nathan\AppData\Roaming\Oqap
O43 - CFD: 07/11/2012 - 11:02:07 - [0] ----D C:\Users\Nathan\AppData\Roaming\Orfiac
O43 - CFD: 01/12/2012 - 10:47:30 - [0] ----D C:\Users\Nathan\AppData\Roaming\Paloma Networks, Inc
O43 - CFD: 21/07/2013 - 16:01:07 - [0] ----D C:\Users\Nathan\AppData\Roaming\Qohy
O43 - CFD: 20/12/2013 - 19:08:40 - [16,331] ----D C:\Users\Nathan\AppData\Roaming\Repplop
O43 - CFD: 05/10/2011 - 15:13:43 - [0] ----D C:\Users\Nathan\AppData\Roaming\Secure-Soft Stealer
O43 - CFD: 25/12/2012 - 16:19:00 - [0] ----D C:\Users\Nathan\AppData\Roaming\Ubkec
O43 - CFD: 17/02/2012 - 16:41:32 - [0] ----D C:\Users\Nathan\AppData\Roaming\xWeasel
O43 - CFD: 25/12/2012 - 15:51:02 - [19,848] ----D C:\Users\Nathan\AppData\Roaming\Ybom
O43 - CFD: 15/11/2013 - 19:05:42 - [0] ----D C:\Users\Nathan\AppData\Roaming\Zona
O43 - CFD: 28/01/2014 - 22:31:44 - [1,224] ----D C:\Users\Nathan\AppData\Local\genienext
O43 - CFD: 08/09/2011 - 18:17:18 - [9,035] ----D C:\Users\Nathan\AppData\Local\IM
O43 - CFD: 06/06/2012 - 16:52:43 - [5,970] ----D C:\Users\Nathan\AppData\Local\mdnslib
~ 3 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 314 Legitimates Filtered in 00mn 02s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.11FE63A28E3C02957C89AC046493B2D5] - 07/02/2014 - 20:20:20 ---A- . (...) -- C:\DelFix.txt [429]
O44 - LFC:[MD5.5ADC743C4B4473A628194048A90C464F] - 28/01/2014 - 22:32:29 ---A- . (...) -- C:\extensions.ini [76]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 28/01/2014 - 22:32:29 ---A- . (...) -- C:\extensions.sqlite [0]
~ Files: 16 Legitimates Filtered in 00mn 01s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.2285B31039611D509F6120D691CA661F] - 29/05/2012 - 14:53:30 ---A- . (.Windows (R) Codename Longhorn DDK provider - hpvhd 64bit support driver.) -- C:\Windows\System32\Drivers\cpqdfw.sys [27456]
O58 - SDL:[MD5.10FB0FF62AF6262BF88E3607E2AE2A69] - 01/03/2010 - 22:59:50 ---A- . (...) -- C:\Windows\System32\Drivers\cqcpu.sys [24376]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 20 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.awesomehp.com =PUP.Awesomehp
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Opera\Opera.exe" http://www.awesomehp.com =PUP.Awesomehp
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {2F716A55-CD6D-40E0-168C-018DBF0BE544} - (Yahoo!) - http://klit.startnow.com =Adware.Zugo
O69 - SBI: SearchScopes [HKCU] {6471B9F9-068F-4BDF-BFCB-490CC642AF91} - (Propositions de recherche Amazon.fr) - http://www.amazon.fr
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com =Toolbar.eBay
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.F9D7CE3A9E304ADE95BCACC97D3FD372] [SPRF][18/07/2011] (...) -- C:\ProgramData\hash.dat [32]
[MD5.90302ADC4ED6C46B73D826E22F2DA0C7] [SPRF][12/09/2012] (...) -- C:\Users\Nathan\AppData\Roaming\Nathanv1.18.0 - Trial versionlog.dat [214033]
[MD5.F2D30FE7204C951074CE346053E99988] [SPRF][14/12/2011] (.Subagames.com - Cross Fire Setup.) -- C:\Users\Nathan\Desktop\CrossFire_BigDownload_v1007.exe [281976437]
[MD5.D7966A47327C7C9DC82A068695F447FB] [SPRF][18/11/2011] (...) -- C:\Users\Nathan\Desktop\MCEdit-stable33-win32-setup.exe [10629010]
[MD5.04BB1E67BD254AE93E4536FE72E043EC] [SPRF][01/11/2011] (.Altered Softworks - MCSkin3D.) -- C:\Users\Nathan\Desktop\MCSkin3D.exe [11808768]
[MD5.482EF087741898E0579C47F590375953] [SPRF][14/12/2011] (.Softonic - Softonic Downloader.) -- C:\Users\Nathan\Desktop\SoftonicDownloader_pour_cross-fire.exe [319584] =Toolbar.Conduit
~ Files: 9 Legitimates Filtered in 00mn 04s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "5733BD8194603AE459A9441FCA2D87AB" . (.IncrediMail.) -- C:\Windows\Installer\{18DB3375-0649-4EA3-959A-44F1ACD278BA}\ARPPRODUCTICON.exe
O90 - PUC: "617DD6FF01B79624F991FF0BA74CDC59" . (.Bing Bar.) -- C:\Windows\Installer\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}\icon_installer_ico =Toolbar.Bing
~ Update Products: 160 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.644E790DEB6C304DFFEBFE40B14CCDA8] [WIS][08/07/2013] (.QwertyBox Team - FrameFox Extensions 1.0.4.0 Setup.) -- C:\Windows\Installer\2c4a4f.msi [376832] =PUP.FrameFox
[MD5.0F0F82B67B2FBA39EE538028DDC14AD2] [WIS][08/09/2011] (.IncrediMail - IncrediMail.) -- C:\Windows\Installer\b914a1.msi [2838016]
~ WIS: 163 Legitimates Filtered in 00mn 13s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 04/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 16/12/2013 193696 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe
SS - | Demand 21/05/2008 64000 | (CTUPnPSv) . (.Creative Technology Ltd.) - C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 02/09/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/09/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Demand 18/06/2009 6144 | (MEMSWEEP2) . (.Sophos Plc.) - C:\Windows\system32\D025.tmp

SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 23/11/2010 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Demand 16/12/2013 247968 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
SR - | Auto 02/04/2007 61440 | (CTDevice_Srv) . (.Creative Technology Ltd.) - C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
SR - | Auto 22/09/2011 974944 | (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
SR - | Auto 11/01/2007 126464 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.exe
SR - | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =.EasyBits Software AS
SR - | Auto 04/02/2014 2222416 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SR - | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =.Hewlett-Packard Co
SR - | Auto 11/10/2010 346168 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SR - | Auto 04/02/2014 377616 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 01/02/2011 1127448 | (pdfcDispatcher) . (.PDF Complete Inc.) - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
SR - | Auto 26/09/2013 186760 | (ScsiAccess) . (...) - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 13s



---\\ Scan Additionnel (O88)
Database Version : 13030 - (06/02/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 28

[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{eec0f710-38b5-4aba-99bf-ec87564a4e13} =Toolbar.Bing^
C:\Program Files (x86)\AmiExt =Adware.FlashEnhancer^
C:\ProgramData\WPM =PUP.WpManager^
C:\Users\Nathan\AppData\Roaming\newnext.me =PUP.NextLive^
C:\Users\Nathan\AppData\Local\Software =Adware.Boxore
[HKLM\Software\Wow6432Node\Wpm] =PUP.WpManager^
[HKLM\Software\Wow6432Node\flash-Enhancer] =Adware.FlashEnhancer^
[HKLM\Software\Wow6432Node\supTab] =PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =PUP.WpManager^
C:\Users\Nathan\Desktop\SoftonicDownloader_pour_cross-fire.exe =Toolbar.Conduit^
C:\Windows\Installer\2c4a4f.msi =PUP.FrameFox^
C:\Users\Nathan\AppData\Local\Temp\Shortcut_SweetImSetup.exe =PUP.SweetIM
C:\Users\Nathan\AppData\Local\Temp\SweetIESetup.exe =PUP.SweetIM
C:\Users\Nathan\AppData\Local\Temp\SweetIESetup.exe.7z =PUP.SweetIM
C:\Users\Nathan\AppData\Local\Temp\BabylonBundleWelcome.exe =PUP.SweetIM
C:\Users\Nathan\AppData\Local\Temp\babylontbpacksSmall.bmp =PUP.SweetIM
C:\Users\Nathan\AppData\Local\Temp\BoxoreInstaller.exe =Adware.Boxore
C:\Users\Nathan\AppData\Local\Temp\mgsqlite3.dll =PUP.SweetIM
C:\Users\Nathan\AppData\Local\Temp\nsdE9EB.exe =Toolbar.Conduit
C:\Users\Nathan\AppData\Local\Temp\nsnD08F.exe =Toolbar.Conduit
C:\Users\Nathan\AppData\Local\Temp\nsnD216.exe =Toolbar.Conduit
C:\Users\Nathan\AppData\Local\Temp\nssEB81.exe =Toolbar.Conduit
C:\Users\Nathan\AppData\Local\Temp\SIMBundleInstaller.exe =Adware.PriceGong
C:\Users\Nathan\AppData\Local\Temp\utt590D.tmp.exe =Toolbar.Conduit
~ Additionnel Scan: 514226 Items scanned in 00mn 25s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blo ... vmntoolbar =Spyware.VMNToolbar
~ http://nicolascoolman.webs.com/apps/blo ... ywebsearch =Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blo ... -awesomehp =PUP.Awesomehp
~ http://nicolascoolman.webs.com/apps/blo ... cker-proxy =Hijacker.Proxy
~ http://nicolascoolman.webs.com/apps/blo ... ar-conduit =Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blo ... -wpmanager =PUP.WpManager
~ http://nicolascoolman.webs.com/apps/blo ... shenhancer =Adware.FlashEnhancer
~ http://nicolascoolman.webs.com/apps/blo ... pup-suptab =PUP.SupTab
~ http://nicolascoolman.webs.com/apps/blo ... p-nextlive =PUP.NextLive
~ http://nicolascoolman.webs.com/apps/blo ... dware-zugo =Adware.Zugo
~ http://nicolascoolman.webs.com/apps/blo ... p-framefox =PUP.FrameFox
~ http://nicolascoolman.webs.com/apps/blo ... are-boxore =Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blo ... up-sweetim =PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blo ... -pricegong =Adware.PriceGong
~ MSI: 14 link(s) detected in 00mn 25s



~ 1429 Legitimates filtered by white list
End of the scan (590 lines in 01mn 20s)(0)
#102746
Hello,

Run Shortcut_Module and post the report: http://www.forum-entraide-informatique. ... e-tutoriel

Then produce a new ZHPDiag report.

Gabriel.

Thanks Gabriel, but I managed to get rid of it. It was in JavaScript; I disabled Java and ran CCleaner, then downloaded a Java fix patch from their site. It seems there is a security flaw in Java 7. I ran MBAM again: clean!
Now I've joined the ranks of the Awesomehp victims.
Thanks for your help.
#110577
Hello,

This topic has received no reply from its author for more than 15 days. It is therefore considered archived.
Next time, please keep us informed of how your problem is progressing, or bump the thread regularly.

This topic is locked. If you would like to reopen it or report that it is resolved, please contact a member of the forum moderation team by private message.

See you soon on FEI!