Think you're infected? Ads appear while you browse the internet?
Data loss, system slowdowns, USB viruses?
Disinfect your computer for free!
by klem1
#197318
Hello everyone, I have been trying for several hours to remove a virus; I have followed all the tutorials on the web, or nearly. I ran full scans with Malwarebytes, Spyware Terminator, Avast, AdwCleaner, CCleaner...

I can see that the virus is still active because it has infected my mouse cursor: every 3 seconds the hourglass starts spinning on the mouse pointer, deselecting whatever I am doing.

I can't take it anymore. I tried an earlier restore, but my restore crashed, in short... I don't know what to do anymore, so I am here to ask for your help.

Hint: in my opinion it comes from this: PUP.Optional.BubbleDock
Last edited by buckhulk on Mon 18 Aug 2014 12:02, edited 2 times. Reason: Topic referenced
by buckhulk
#197324
good evening klem1

you will need to run a ZHPDiag and maybe run the programs you used again, but after re-downloading them!

to start on a clean footing, I am going to ask you to run DelFix first and then do a ZHPDiag for me!
thanks

DelFix

DelFix has changed and has become more powerful!

1 - Download DelFix to your desktop HERE

2 - You can tick the "re-enable UAC if it has been disabled" box!

The "delete disinfection tools" box is ticked by default!

3 - You can tick the "back up the registry" box! (in case there is a problem)
4 - You can tick the "purge System Restore" box: all the old points will be deleted and a new, "clean" one will be created!
5 - Finally, click on: Run

PS: if you are in the middle of a disinfection or if it is not stated, run it as it is configured!

then:
  • Download ZHPDiag (by Nicolas Coolman) to your desktop.
  • Install the software.
  • Launch ZHPDiag; run it as administrator under Windows 7/8 and Vista.
  • Click on Complete

    Note: Do not close the program even if it says it is no longer responding.

  • Once the scan is finished, go to the desktop; the file ZHPDiag.txt has been created.
  • Upload the ZHPDiag.txt report to SosUpload, then copy/paste the link provided in your next reply on the forum
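The report buckhulk asks for runs to hundreds of lines, most of them whitelisted entries, and the helper's job is to spot the few that matter. The Python script below is an added example written for this page; it is not part of ZHPDiag and was not posted by either participant. It reads a report in the layout ZHPDiag produces, keeps track of the current `---\\` section and its line code, and pulls out three kinds of line: entries carrying a detection tag such as `=>Trojan.AutoKMS` or `=>PUP.Nosibay` (a tag beginning with a dot, like `=>.Microsoft Corporation`, is treated as a publisher mark and skipped; that reading of the two tag forms is inferred from reports like the one later in this thread, not taken from ZHPDiag documentation), O51 MountPoints2 autorun commands whose target file is gone (`(.not file.)`), and O55 UAC policy values set to 0 that remove or weaken the elevation prompt (EnableLUA, PromptOnSecureDesktop, ConsentPromptBehaviorAdmin; FilterAdministratorToken=0 is the Windows default and is left alone). The embedded sample report is constructed from a handful of lines in that layout and stands in for the real file.

```python
"""Triage a ZHPDiag-style text report (added example; not ZHPDiag's own code)."""
import re
import sys
from dataclasses import dataclass

# Constructed sample in the report's layout: a few lines of the kinds seen in this
# thread, not the full file the poster uploaded.
SAMPLE_REPORT = r"""~ Rapport de ZHPDiag v2014.8.13.118 - Nicolas Coolman (13/08/2014)
---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [ProfilerU] . (.Saitek - Saitek SST Profile Launcher.) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.D4F602B1F775B5827932D3C5B04A3FD2] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [3372032] =>Trojan.AutoKMS
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 01s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17/08/2014 - 15:23:42 - [0] ----D C:\Users\Clement\AppData\Roaming\Store =>PUP.Nosibay
~ Program Folder: 174 Legitimates Filtered in 00mn 00s
---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{724d44d4-dba5-11e3-9f44-74d02b9f0221}\AutoRun\command. (...) -- G:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{AEEDCC9F-2ADC-4CA4-873A-C41FE8FA58D4}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Clement\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 00s
"""

SECTION_RE = re.compile(r"^---\\\\ (?P<title>.+?)\s*$")   # "---\\ Title (O39)"
CODE_RE = re.compile(r"\((O\d+)\)\s*$")                    # trailing "(O39)"
TAG_RE = re.compile(r"=>(?P<dot>\.?)(?P<name>\S.*?)\s*$")  # "=>Trojan.X" or "=>.Vendor"
PATH_RE = re.compile(r"(?P<path>[A-Z]:\\[^\[\]=]*?)(?=\s+\[\d+\]|\s+\(\.not file\.\)|\s+=>|\s*$)")
POLICY_RE = re.compile(r'"(?P<name>\w+)"=(?P<value>\d+)')  # O55 "Name"=value

# UAC policy values that, when 0, turn off or weaken the elevation prompt (assumed set).
UAC_WEAK_WHEN_ZERO = {"EnableLUA", "PromptOnSecureDesktop", "ConsentPromptBehaviorAdmin"}

@dataclass(frozen=True)
class Finding:
    section: str  # title of the ---\\ block the line belongs to
    code: str     # ZHPDiag line code such as "O39" ("" if the header has none)
    kind: str     # "detection" | "dangling_autorun" | "uac_weakened"
    label: str    # tag name, or "PolicyName=0"
    path: str     # file path on the line, "" if none
    line: str     # original line, to quote back to the poster

def parse_report(text: str) -> list[Finding]:
    """Walk the report once, tracking the current section, and collect findings."""
    findings: list[Finding] = []
    section = code = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            title = header.group("title")
            c = CODE_RE.search(title)
            code = c.group(1) if c else ""
            section = CODE_RE.sub("", title).strip()
            continue
        if line.startswith("~"):  # scanner status lines, never findings
            continue
        m = PATH_RE.search(line)
        path = m.group("path") if m else ""
        tag = TAG_RE.search(line)
        if tag and not tag.group("dot"):  # "=>Name" without the publisher dot
            findings.append(Finding(section, code, "detection", tag.group("name"), path, line))
        if code == "O51" and "(.not file.)" in line:
            findings.append(Finding(section, code, "dangling_autorun", "AutoRun target missing", path, line))
        if code == "O55":
            pol = POLICY_RE.search(line)
            if pol and pol.group("value") == "0" and pol.group("name") in UAC_WEAK_WHEN_ZERO:
                findings.append(Finding(section, code, "uac_weakened", f"{pol.group('name')}=0", path, line))
    return findings

def by_kind(findings: list[Finding]) -> dict[str, list[str]]:
    """Group finding labels by kind, preserving report order."""
    out: dict[str, list[str]] = {}
    for f in findings:
        out.setdefault(f.kind, []).append(f.label)
    return out

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    for f in parse_report(text):
        print(f"[{f.code or '---'}] {f.kind:16} {f.label:28} {f.path}")
```

Run it with no argument to parse the embedded sample, or pass the path of a real ZHPDiag.txt. Each output line gives the section code, the kind of finding, the label and the path, which is what a helper quotes back when deciding which lines a fix script should target. Anything without a `=>` tag and outside the O51/O55 checks is deliberately ignored, so the script narrows the reading of the report rather than replacing it.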
by klem1
#197332
Here are the scans.
AdwCleaner
# AdwCleaner v3.307 - Report created on 17/08/2014 at 22:35:04
# Updated on 17/08/2014 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User name : Clement - CLEMENT-PC
# Run from : F:\Downloads\adwcleaner_3.307.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : IePluginServices

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Users\Clement\AppData\Roaming\Nosibay
Folder Deleted : C:\Users\Clement\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bubble Dock

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\Nosibay
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\UpdateStar
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Clement\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1408281240&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K&q={searchTerms}
Deleted [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1408281240&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K&q={searchTerms}
Deleted [Search Provider] : hxxp://www.softonic.fr/s/{searchTerms}
Deleted [Startup_urls] : hxxp://www.istartsurf.com/?type=hp&ts=1408281240&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K
Deleted [Startup_urls] : hxxp://www.istartsurf.com/?type=hp&ts=1408281398&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K

*************************

AdwCleaner[R0].txt - [5515 bytes] - [17/08/2014 20:57:51]
AdwCleaner[R1].txt - [1742 bytes] - [17/08/2014 21:35:01]
AdwCleaner[S0].txt - [3734 bytes] - [17/08/2014 22:35:04]
AdwCleaner[S1].txt - [1612 bytes] - [17/08/2014 20:58:29]
AdwCleaner[S2].txt - [2149 bytes] - [17/08/2014 21:35:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3914 bytes] ##########

# AdwCleaner v3.307 - Report created on 17/08/2014 at 23:04:05
# Updated on 17/08/2014 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User name : Clement - CLEMENT-PC
# Run from : F:\Downloads\adwcleaner_3.307.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\UpdateStar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Clement\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1408281240&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K&q={searchTerms}
Deleted [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1408281240&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K&q={searchTerms}
Deleted [Search Provider] : hxxp://www.softonic.fr/s/{searchTerms}
Deleted [Startup_urls] : hxxp://www.istartsurf.com/?type=hp&ts=1408281240&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K
Deleted [Startup_urls] : hxxp://www.istartsurf.com/?type=hp&ts=1408281398&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K

*************************

AdwCleaner[R0].txt - [7209 bytes] - [17/08/2014 20:57:51]
AdwCleaner[R1].txt - [1742 bytes] - [17/08/2014 21:35:01]
AdwCleaner[S0].txt - [5787 bytes] - [17/08/2014 22:35:04]
AdwCleaner[S1].txt - [1612 bytes] - [17/08/2014 20:58:29]
AdwCleaner[S2].txt - [2149 bytes] - [17/08/2014 21:35:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5967 bytes] ##########
ZHPDiag
~ ZHPDiag report v2014.8.13.118 - Nicolas Coolman (13/08/2014)
~ Run by Clement (17/08/2014 23:08:46)
~ Web Site Address http://nicolascoolman.fr
~ Forum Address http://forum.nicolascoolman.fr
~ Translated by Nicolas Coolman
~ Version status : New version available
~ Whitelist : Enabled by the program
~ Privilege Elevation : OK
~ User Account Control (UAC): Deactivate by program


---\\ Internet Browsers
MSIE: Internet Explorer v11.0.9600.17207
GCIE: Google Chrome v36.0.1985.125 (Default)

---\\ Windows product information
~ Language: French
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, VOLUME_KMSCLIENT channel
Windows ID Activation : OK
~ Windows Partial Key : GPDD4
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware version 2.0.2.1012
Windows Defender W7 (Activate)

---\\ System optimization software
CCleaner v4.12

---\\ PeerToPeer sharing software

---\\ Software monitoring
Java 7 Update 55

---\\ System information
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8130 MB (64% free)
System Restore: Enabled
System drive C: has 43 GB (39%) free of 107 GB

---\\ System logon mode
~ Computer Name: CLEMENT-PC
~ User Name: Clement
~ All Users Names: Clement, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Clement\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Clement\AppData\Roaming\
~ %Desktop% : C:\Users\Clement\Desktop\
~ %Favorites% : C:\Users\Clement\Favorites\
~ %LocalAppData% : C:\Users\Clement\AppData\Local\
~ %StartMenu% : C:\Users\Clement\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 43 Go of 107 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
F: Hard drive, Flash drive, Thumb drive (Free 519 Go of 977 Go)
J: Hard drive, Flash drive, Thumb drive (Free 302 Go of 443 Go)
P: Hard drive, Flash drive, Thumb drive (Free 419 Go of 443 Go)



---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Specific search for generic files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.18/06/2014 - 23:58:27.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.04/03/2014 - 10:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.BC204AB3FBC84E419DBC486E3CC5CE94] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.25/02/2011 - 07:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files status (Hidden/Total)
~ My Favorites : 1/24
~ My Documents : 2/36
~ My Desktop : 1/38
~ Start Menu (Programs) : 1/40
~ Hidden Files: Scanned in 00mn 00s



---\\ Running processes
[MD5.AB6CE6F1827345453030E09533BD744B] - (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1218360] [PID.2096]
[MD5.94626EA1B95A54444B950759BE5679E7] - (.ASUSTeK Computer Inc. - No description.) -- C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [1389368] [PID.2104]
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.2588]
[MD5.C56AEF21A76A6E2BB36A384B2C96389F] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104] [PID.4560]
[MD5.ADDF1D80161DA7C5FB9D725EED986655] - (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe [1221432] [PID.4988]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.5500]
[MD5.AAA77701508F8AD3585461E67BE40AF2] - (.Samsung Electronics. - Samsung Magician Application.) -- P:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [4737440] [PID.5936]
[MD5.26B558B2D31C7425B455B00E562EAD93] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [4085896] [PID.5996]
[MD5.DC2E338E63159454B71659D82515A04E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8091648] [PID.6396]
[MD5.D2230317777033CD0456990BFC4994E5] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [411936] [PID.1016]
[MD5.73F5C13B431915BAE35254B4E95DFB71] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1516]
[MD5.BBF8F831C7720DD5135D8C4C8325187A] - (...) -- C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728] [PID.1432]
[MD5.E536856E96A7605EBF580D62A868E5FE] - (...) -- C:\Windows\SysWOW64\ASGT.exe [55296] [PID.2228]
[MD5.893481D570E97CED36EC7EBD56ADBF24] - (.ASUSTeK Computer Inc. - No description.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [945152] [PID.2248]
[MD5.7683F046E48265C83E40EB3D4492E78E] - (.ASUSTeK Computer Inc. - ASUS Motherboard Fan Control Service.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe [1639424] [PID.2284]
[MD5.D84AEA3F3329D622DFC1297DDDF6163B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.2868]
[MD5.4F45ED469906494F9BF754E476390DBD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472] [PID.2532]
[MD5.D0F743BD1F8E402E4A52D83574828AC2] - (.No owner - ducservice.) -- C:\Program Files (x86)\No-IP\ducservice.exe [10752] [PID.2776]
[MD5.D6310F79E51D1F997E964E81DD368AEA] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608] [PID.2384]
[MD5.635686E528F2C9CB916EC1BB04EE6AD1] - (...) -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736] [PID.3092]
[MD5.6241810294275CEA59EBA9733080E5EE] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720] [PID.5424]
[MD5.52069AEB42D3D0F97CBCA1085EBF55E6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432] [PID.6564]
[MD5.8939CBB2526CB87C476DB9ABBF243AE0] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [390616] [PID.5708]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\Clement\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Enabled)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Enabled)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Enabled)
G2 - GCE: Preference [User Data\Default] [onhbegdkgonhlokobjefolhpoidcnida] Synology Download Station v.2.1.7 (Enabled)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Enabled)

---\\ Google Chrome extension folders list
~ Google Lines Browser: 24 Legitimates Filtered in 00mn 05s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of lines F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphan key
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Applications launched at system startup (O4)
O4 - HKLM\..\Run: [ProfilerU] . (.Saitek - Saitek SST Profile Launcher.) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_9E929130E8EBB2E1654F3E39F9DE2EFB] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-825608802-4289994647-314183835-1000\..\Run: [GoogleChromeAutoLaunch_9E929130E8EBB2E1654F3E39F9DE2EFB] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s



---\\ Domain/DNS address changes (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Domain: Scanned in 00mn 00s



---\\ Additional protocol (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional Protocol: Scanned in 00mn 00s



---\\ Non-Microsoft NT services that are not disabled (O23)
O23 - Service: ASGT (ASGT) . (...) - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: NO-IP DUC v4 (NoIPDUCService4) . (.No owner - ducservice.) - C:\Program Files (x86)\No-IP\ducservice.exe
~ Services: 18 Legitimates Filtered in 00mn 05s



---\\ Automatic scheduled tasks (O39)
[MD5.D4F602B1F775B5827932D3C5B04A3FD2] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [3372032] =>Trojan.AutoKMS
[MD5.AB6CE6F1827345453030E09533BD744B] [APT] [ASUS DIPAwayMode] (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1218360]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 01s



---\\ Drivers launched at system startup (O41)
O41 - Driver: (ndisrd) . (.NT Kernel Resources - NDISRD helper driver.) - C:\Windows\System32\DRIVERS\ndisrd.sys
~ Drivers: 87 Legitimates Filtered in 00mn 00s



---\\ Installed software (O42)
O42 - Software: Le Chercheur de Mots 1.0.49 - (...) [HKLM][64Bits] -- Le Chercheur de Mots_is1
~ Logic: 23 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKLM\Software\Respawn]
[HKLM\Software\Wow6432Node\Respawn]
[HKLM\Software\jumpshot.com]
~ Key Software: 259 Legitimates Filtered in 00mn 00s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 09/04/2014 - 13:21:32 - [] ----D C:\Program Files (x86)\ImageWriter
O43 - CFD: 10/03/2014 - 15:23:03 - [] ----D C:\Users\Clement\AppData\Roaming\com.spiderneo.junglertimer
O43 - CFD: 17/08/2014 - 15:23:42 - [0] ----D C:\Users\Clement\AppData\Roaming\Store =>PUP.Nosibay
~ Program Folder: 174 Legitimates Filtered in 00mn 00s



---\\ Last files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.BABA8E4A8F084AA69862473513768F43] - 15/08/2014 - 01:37:47 ---A- . (...) -- C:\Windows\DirectX.log [18549]
O44 - LFC:[MD5.B6FC9B1B063F06015EA8888FE291B98E] - 17/08/2014 - 22:07:01 ---A- . (...) -- C:\DelFix.txt [833]
~ Files: 91 Legitimates Filtered in 00mn 01s



---\\ Shell MountPoints2 registry key (MPKS) (O51)
O51 - MPSK:{724d44d4-dba5-11e3-9f44-74d02b9f0221}\AutoRun\command. (...) -- G:\Startme.exe (.not file.)
O51 - MPSK:{ba83cb47-a14d-11e3-a996-806e6f6e6963}\AutoRun\command. (...) -- D:\.\Bin\ASSETUP.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ StartupReg registry keys enumeration (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\NoIPDUCv4 [Key] . (.No owner - DUC40.) -- C:\Program Files (x86)\No-IP\DUC40.exe
O53 - SMSR:HKLM\...\startupreg\OODefragTray [Key] . (...) -- C:\Program Files\OO Software\Defrag\oodtray.exe (.not file.)
~ SMSR Keys: 14 Legitimates Filtered in 00mn 00s



---\\ PoliciesSystem registry keys enumeration (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ PoliciesExplorer registry keys enumeration (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ System drivers list (SDL) (O58)
O58 - SDL:23/07/2014 - 10:40:54 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:23/07/2014 - 10:40:54 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:23/07/2014 - 10:40:55 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [224896] =>.ALWIL Software
O58 - SDL:03/08/2012 - 10:36:52 ---A- . (.Windows (R) Win 7 DDK provider - Synology Virtual USB Hub.) -- C:\Windows\System32\Drivers\busenum.sys [55776]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:07/02/2013 - 09:31:14 R--A- . (.NT Kernel Resources - NDISRD helper driver.) -- C:\Windows\System32\Drivers\ndisrd.sys [32840]
O58 - SDL:19/04/2013 - 03:56:48 ---A- . (...) -- C:\Windows\System32\Drivers\nvflash.sys [15648]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:22/08/2013 - 13:40:24 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40664]
O58 - SDL:29/11/2013 - 09:31:28 ---A- . (...) -- C:\Windows\System32\ampa.sys [17008]
O58 - SDL:21/08/2012 - 19:54:10 R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [15232]
O58 - SDL:14/09/2012 - 03:06:23 R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsUpIO.sys [14464]
O58 - SDL:02/04/2009 - 13:30:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
O58 - SDL:29/11/2013 - 09:31:28 ---A- . (...) -- C:\Windows\SysWOW64\ampa.sys [17008]
~ Drivers: 93 Legitimates Filtered in 00mn 00s



---\\ Disinfection tools list (LATC) (O63)
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Registry legacy services list (LALS) (O64)
O64 - Services: CurCS - 23/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 93 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Start Menu (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Browser infection search (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{50E86DB5-872C-48A7-8ED7-31F6D6542D29}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- F:\Downloads\torrent_3-4-build-30635_fr_18245.exe =>P2P.BitTorrent
O87 - FAEL: "{FAD57A23-6B11-4E3A-BF15-804B187825AB}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- F:\Downloads\torrent_3-4-build-30635_fr_18245.exe =>P2P.BitTorrent
O87 - FAEL: "{AEEDCC9F-2ADC-4CA4-873A-C41FE8FA58D4}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Clement\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{F2D83A52-5F3D-4695-A3BA-32E4EB1C18EE}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Clement\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 02/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 02/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/01/2013 171632 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SS - | Demand 27/08/2013 828376 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 29/05/2014 543424 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 07/05/2013 936728 | (asComSvc) . (...) - C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
SR - | Auto 17/01/2012 55296 | (ASGT) . (...) - C:\Windows\SysWOW64\ASGT.exe
SR - | Auto 07/05/2013 945152 | (asHmComSvc) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
SR - | Auto 09/05/2013 1639424 | (AsusFanControlService) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe
SR - | Auto 23/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 21/11/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 27/08/2013 747520 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 10/12/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 10/12/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 24/02/2014 2818888 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 06/02/2014 10752 | (NoIPDUCService4) . (...) - C:\Program Files (x86)\No-IP\ducservice.exe
SR - | Auto 25/07/2014 1720608 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 25/07/2014 18956064 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 02/07/2014 935368 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 02/07/2014 411936 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 23/01/2014 248736 | (UsbClientService) . (...) - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 03s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Clement at 17/08/2014 23:09:43
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Clement at 17/08/2014 23:09:45
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (13/08/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1

C:\Users\Clement\AppData\Roaming\Store =>PUP.Nosibay^
C:\Windows\AutoKMS\AutoKMS.exe =>Trojan.AutoKMS^
~ Additionnel Scan: 196874 Items scanned in 00mn 09s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/trojan-autokms =>Trojan.AutoKMS
~ MSI: 1 link(s) detected in 00mn 00s



~ 892 Legitimates filtered by white list
End of the scan (447 lines in 01mn 09s)(0)
MalwareBytes
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Date de l'examen: 17/08/2014
Heure de l'examen: 22:58:31
Fichier journal: mbam.txt
Administrateur: Oui

Version: 2.00.2.1012
Base de données Malveillants: v2014.08.17.05
Base de données Rootkits: v2014.08.16.01
Licence: Premium
Protection contre les malveillants: Activé(e)
Protection contre les sites Web malveillants: Activé(e)
Self-protection: Désactivé(e)

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Clement

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 290439
Temps écoulé: 2 min, 57 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Activé(e)
Heuristics: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Clés du Registre: 0
(No malicious items detected)

Valeurs du Registre: 0
(No malicious items detected)

Données du Registre: 0
(No malicious items detected)

Dossiers: 0
(No malicious items detected)

Fichiers: 1
PUP.Optional.IStartSurf.A, C:\Users\Clement\AppData\Local\Google\Chrome\User Data\Default\Preferences, Bon: (), Mauvais: ( "startup_urls": [ "https://www.google.fr/", "http://www.google.com", "http://www.istartsurf.com/?type=hp&ts=1408281240&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K", "http://www.istartsurf.com/?type=hp&ts=1408281398&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K" ],), ,[83c4bd0aaecdbc7ac92880838d78e818]

Secteurs physiques: 0
(No malicious items detected)


(end)
by klem1
#197338
Delfix
# DelFix v10.8 - Rapport créé le 17/08/2014 à 23:27:12
# Mis à jour le 29/07/2014 par Xplode
# Nom d'utilisateur : Clement - CLEMENT-PC
# Système d'exploitation : Windows 7 Professional Service Pack 1 (64 bits)

~ Suppression des outils de désinfection ...

Supprimé : C:\Users\Clement\AppData\Roaming\ZHP
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Supprimé : C:\Program Files (x86)\ZHPDiag
Supprimé : C:\PhysicalDisk0_MBR.bin
Supprimé : C:\Users\Clement\Desktop\ZHPDiag.lnk
Supprimé : C:\Users\Clement\Desktop\ZHPDiag.txt
Supprimé : C:\Users\Clement\Desktop\ZHPFix.lnk
Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

########## - EOF - ##########


ZHPDiag
~ Rapport de ZHPDiag v2014.8.16.119 - Nicolas Coolman (16/08/2014)
~ Lancé par Clement (17/08/2014 23:28:03)
~ Adresse du Site Web http://nicolascoolman.fr
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17207
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, VOLUME_KMSCLIENT channel
Windows ID Activation : OK
~ Windows Partial Key : GPDD4
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware version 2.0.2.1012
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système
CCleaner v4.12

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Java 7 Update 55

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8130 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 42 GB (39%) free of 107 GB

---\\ Mode de connexion au système
~ Computer Name: CLEMENT-PC
~ User Name: Clement
~ All Users Names: Clement, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Clement\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Clement\AppData\Roaming\
~ %Desktop% : C:\Users\Clement\Desktop\
~ %Favorites% : C:\Users\Clement\Favorites\
~ %LocalAppData% : C:\Users\Clement\AppData\Local\
~ %StartMenu% : C:\Users\Clement\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 42 Go of 107 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
F: Hard drive, Flash drive, Thumb drive (Free 519 Go of 977 Go)
J: Hard drive, Flash drive, Thumb drive (Free 302 Go of 443 Go)
P: Hard drive, Flash drive, Thumb drive (Free 419 Go of 443 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.18/06/2014 - 23:58:27.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.04/03/2014 - 10:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.BC204AB3FBC84E419DBC486E3CC5CE94] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.25/02/2011 - 07:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 1/24
~ Mes Documents (My Documents) : 2/36
~ Mon Bureau (My Desktop) : 1/38
~ Menu demarrer (Programs) : 1/40
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.AB6CE6F1827345453030E09533BD744B] - (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1218360] [PID.2096]
[MD5.94626EA1B95A54444B950759BE5679E7] - (.ASUSTeK Computer Inc. - Pas de description.) -- C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [1389368] [PID.2104]
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.2588]
[MD5.C56AEF21A76A6E2BB36A384B2C96389F] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104] [PID.4560]
[MD5.ADDF1D80161DA7C5FB9D725EED986655] - (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe [1221432] [PID.4988]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.5500]
[MD5.AAA77701508F8AD3585461E67BE40AF2] - (.Samsung Electronics. - Samsung Magician Application.) -- P:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [4737440] [PID.5936]
[MD5.26B558B2D31C7425B455B00E562EAD93] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [4085896] [PID.5996]
[MD5.6F815EE8023E715353C4D9F88F75D2B6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8092160] [PID.3368]
[MD5.D2230317777033CD0456990BFC4994E5] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [411936] [PID.1016]
[MD5.73F5C13B431915BAE35254B4E95DFB71] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1516]
[MD5.BBF8F831C7720DD5135D8C4C8325187A] - (...) -- C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728] [PID.1432]
[MD5.E536856E96A7605EBF580D62A868E5FE] - (...) -- C:\Windows\SysWOW64\ASGT.exe [55296] [PID.2228]
[MD5.893481D570E97CED36EC7EBD56ADBF24] - (.ASUSTeK Computer Inc. - Pas de description.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [945152] [PID.2248]
[MD5.7683F046E48265C83E40EB3D4492E78E] - (.ASUSTeK Computer Inc. - ASUS Motherboard Fan Control Service.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe [1639424] [PID.2284]
[MD5.D84AEA3F3329D622DFC1297DDDF6163B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.2868]
[MD5.4F45ED469906494F9BF754E476390DBD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472] [PID.2532]
[MD5.D0F743BD1F8E402E4A52D83574828AC2] - (.Pas de propriétaire - ducservice.) -- C:\Program Files (x86)\No-IP\ducservice.exe [10752] [PID.2776]
[MD5.D6310F79E51D1F997E964E81DD368AEA] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608] [PID.2384]
[MD5.635686E528F2C9CB916EC1BB04EE6AD1] - (...) -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736] [PID.3092]
[MD5.6241810294275CEA59EBA9733080E5EE] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720] [PID.5424]
[MD5.52069AEB42D3D0F97CBCA1085EBF55E6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432] [PID.6564]
[MD5.8939CBB2526CB87C476DB9ABBF243AE0] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [390616] [PID.5708]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Clement\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [onhbegdkgonhlokobjefolhpoidcnida] Synology Download Station v.2.1.7, (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 24 Legitimates Filtered in 00mn 05s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [ProfilerU] . (.Saitek - Saitek SST Profile Launcher.) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_9E929130E8EBB2E1654F3E39F9DE2EFB] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-825608802-4289994647-314183835-1000\..\Run: [GoogleChromeAutoLaunch_9E929130E8EBB2E1654F3E39F9DE2EFB] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ASGT (ASGT) . (...) - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: NO-IP DUC v4 (NoIPDUCService4) . (.Pas de propriétaire - ducservice.) - C:\Program Files (x86)\No-IP\ducservice.exe
~ Services: 18 Legitimates Filtered in 00mn 05s



---\\ Tâches planifiées en automatique (O39)
[MD5.D4F602B1F775B5827932D3C5B04A3FD2] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [3372032] =>Trojan.AutoKMS
[MD5.AB6CE6F1827345453030E09533BD744B] [APT] [ASUS DIPAwayMode] (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1218360]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 01s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (ndisrd) . (.NT Kernel Resources - NDISRD helper driver.) - C:\Windows\System32\DRIVERS\ndisrd.sys
~ Drivers: 87 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Le Chercheur de Mots 1.0.49 - (...) [HKLM][64Bits] -- Le Chercheur de Mots_is1
~ Logic: 23 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKLM\Software\Respawn]
[HKLM\Software\Wow6432Node\Respawn]
[HKLM\Software\jumpshot.com]
~ Key Software: 259 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 09/04/2014 - 13:21:32 - [] ----D C:\Program Files (x86)\ImageWriter
O43 - CFD: 10/03/2014 - 15:23:03 - [] ----D C:\Users\Clement\AppData\Roaming\com.spiderneo.junglertimer
O43 - CFD: 17/08/2014 - 15:23:42 - [0] ----D C:\Users\Clement\AppData\Roaming\Store =>PUP.Nosibay
~ Program Folder: 174 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.BABA8E4A8F084AA69862473513768F43] - 15/08/2014 - 01:37:47 ---A- . (...) -- C:\Windows\DirectX.log [18549]
O44 - LFC:[MD5.015DABC37D498783F67BF2D830B8B713] - 17/08/2014 - 22:27:12 ---A- . (...) -- C:\DelFix.txt [724]
~ Files: 91 Legitimates Filtered in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{724d44d4-dba5-11e3-9f44-74d02b9f0221}\AutoRun\command. (...) -- G:\Startme.exe (.not file.)
O51 - MPSK:{ba83cb47-a14d-11e3-a996-806e6f6e6963}\AutoRun\command. (...) -- D:\.\Bin\ASSETUP.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\NoIPDUCv4 [Key] . (.Pas de propriétaire - DUC40.) -- C:\Program Files (x86)\No-IP\DUC40.exe
O53 - SMSR:HKLM\...\startupreg\OODefragTray [Key] . (...) -- C:\Program Files\OO Software\Defrag\oodtray.exe (.not file.)
~ SMSR Keys: 14 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:23/07/2014 - 10:40:54 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:23/07/2014 - 10:40:54 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:23/07/2014 - 10:40:55 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [224896] =>.ALWIL Software
O58 - SDL:03/08/2012 - 10:36:52 ---A- . (.Windows (R) Win 7 DDK provider - Synology Virtual USB Hub.) -- C:\Windows\System32\Drivers\busenum.sys [55776]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:07/02/2013 - 09:31:14 R--A- . (.NT Kernel Resources - NDISRD helper driver.) -- C:\Windows\System32\Drivers\ndisrd.sys [32840]
O58 - SDL:19/04/2013 - 03:56:48 ---A- . (...) -- C:\Windows\System32\Drivers\nvflash.sys [15648]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:22/08/2013 - 13:40:24 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40664]
O58 - SDL:29/11/2013 - 09:31:28 ---A- . (...) -- C:\Windows\System32\ampa.sys [17008]
O58 - SDL:21/08/2012 - 19:54:10 R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [15232]
O58 - SDL:14/09/2012 - 03:06:23 R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsUpIO.sys [14464]
O58 - SDL:02/04/2009 - 13:30:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
O58 - SDL:29/11/2013 - 09:31:28 ---A- . (...) -- C:\Windows\SysWOW64\ampa.sys [17008]
~ Drivers: 93 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 23/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 93 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{50E86DB5-872C-48A7-8ED7-31F6D6542D29}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- F:\Downloads\torrent_3-4-build-30635_fr_18245.exe =>P2P.BitTorrent
O87 - FAEL: "{FAD57A23-6B11-4E3A-BF15-804B187825AB}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- F:\Downloads\torrent_3-4-build-30635_fr_18245.exe =>P2P.BitTorrent
O87 - FAEL: "{AEEDCC9F-2ADC-4CA4-873A-C41FE8FA58D4}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Clement\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{F2D83A52-5F3D-4695-A3BA-32E4EB1C18EE}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Clement\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 02/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 02/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/01/2013 171632 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SS - | Demand 27/08/2013 828376 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 29/05/2014 543424 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 07/05/2013 936728 | (asComSvc) . (...) - C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
SR - | Auto 17/01/2012 55296 | (ASGT) . (...) - C:\Windows\SysWOW64\ASGT.exe
SR - | Auto 07/05/2013 945152 | (asHmComSvc) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
SR - | Auto 09/05/2013 1639424 | (AsusFanControlService) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe
SR - | Auto 23/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 21/11/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 27/08/2013 747520 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 10/12/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 10/12/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 24/02/2014 2818888 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 06/02/2014 10752 | (NoIPDUCService4) . (...) - C:\Program Files (x86)\No-IP\ducservice.exe
SR - | Auto 25/07/2014 1720608 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 25/07/2014 18956064 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 02/07/2014 935368 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 02/07/2014 411936 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 23/01/2014 248736 | (UsbClientService) . (...) - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 03s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Clement at 17/08/2014 23:28:51
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Clement at 17/08/2014 23:28:53
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (16/08/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1

C:\Users\Clement\AppData\Roaming\Store =>PUP.Nosibay^
C:\Windows\AutoKMS\AutoKMS.exe =>Trojan.AutoKMS^
~ Additionnel Scan: 196869 Items scanned in 00mn 09s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/trojan-autokms =>Trojan.AutoKMS
~ MSI: 1 link(s) detected in 00mn 00s



~ 892 Legitimates filtered by white list
End of the scan (447 lines in 00mn 59s)(0)
by buckhulk
#197339
Really quick....

Start by running USBFix, then AdsFix, and then do another ZHPDiag for me afterwards please :merci2:
  1. Download USBFix (by El Desaparecido) to your Desktop!
  2. Connect all your external data sources to your PC (USB key, external hard drive, etc.) without opening them.
  3. Right-click on it and run as administrator under Windows 7/8 and Vista
  4. Choose the Nettoyage (Clean) option
  5. Copy and paste the contents of the report that appears at the end of the scan into your reply
______________________________________________________________
AdsFix

Important: disable your antivirus, otherwise the tool will not be able to work properly.

Download AdsFix HERE to your desktop.

Note: save your work before continuing!

- Launch AdsFix,
- Enter your country,
- Click Nettoyer (Clean)

Note: be patient while the scan runs

- Let the tool work even if it seems frozen
- If the tool detects a proxy you don't recognise, click on: "Supprimer le proxy" (Remove the proxy)
- Upload the report C:\AdsFix_date_heure.txt to SOSUpload, then post the link you get.

AdsFix tutorial

3 reports in your next message please! :merci2:
by klem1
#197374
USB FIX
Code:
[b]############################## | UsbFix V 7.178 | [Nettoyage][/b]

Utilisateur: Clement (Administrateur) # CLEMENT-PC
Mis à jour le 08/08/2014 par El Desaparecido - SosVirus
Lancé à  23:47:26 | 17/08/2014

Site Web : [url=http://www.usbfix.net/]http://www.usbfix.net/[/url]
Changelog : [url=http://www.usbfix.net/maj/]http://www.usbfix.net/maj/[/url]
Assistance : [url=http://www.sosvirus.net/forum-virus-securite.html]http://www.sosvirus.net/forum-virus-securite.html[/url]
Upload Malware : [url=http://www.sosvirus.net/upload_malware.php]http://www.sosvirus.net/upload_malware.php[/url]
Contact : [url=http://www.usbfix.net/contact/]http://www.usbfix.net/contact/[/url]

[b]################## | System information |[/b]

MB: ASUSTeK COMPUTER INC. (Z87-C)
CPU: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
GC: NVIDIA GeForce GTX 770
RAM -> [Total : 8130 Mo | Free : 5691 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft™ Windows 7 Professional (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 11.00.9600.16428
WB: Google Chrome : 36.0.1985.125

[b]################## | Security Information |[/b]

AV: avast! Antivirus [[b](!) Désactivé[/b] |A jour]
AS: Windows Defender [Actif |[b](!) Non à jour[/b]]
AS: avast! Antivirus [[b](!) Désactivé[/b] |A jour]
AS: Malwarebytes Anti-Malware : 2.0.2.1012
FW: Windows Firewall [Actif]
SC: Security Center [Actif]
WU: Windows Update [Actif]

[b]################## | Disk Information |[/b]

C:\ (%SystemDrive%) -> Disque fixe # 107 Go (42 Go libre(s) - 39%) [SSD] # NTFS
E:\ -> Disque fixe # 100 Mo (66 Mo libre(s) - 66%) [Réservé au système] # NTFS
F:\ -> Disque fixe # 977 Go (519 Go libre(s) - 53%) [Bibliothèques] # NTFS
J:\ -> Disque fixe # 443 Go (302 Go libre(s) - 68%) [Jeux] # NTFS
P:\ -> Disque fixe # 443 Go (419 Go libre(s) - 94%) [Programme] # NTFS

[b]################## | Autorun |[/b]


[b]################## | Recherche générique |[/b]


(!) Fichiers temporaires supprimés. (24.0152387619019 MB)

[b]################## | Registre |[/b]

Supprimé! [x64] HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Msn

[b]################## | Regedit Run |[/b]

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [GoogleChromeAutoLaunch_9E929130E8EBB2E1654F3E39F9DE2EFB] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - [x64] HKLM\..\Run : [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
04 - [x64] HKLM\..\Run : [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
04 - [x64] HKLM\..\Run : [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-825608802-4289994647-314183835-1000\..\Run : [GoogleChromeAutoLaunch_9E929130E8EBB2E1654F3E39F9DE2EFB] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

[b]################## | UsbFix - Information |[/b]

Info : [url=https://www.youtube.com/watch?v=vUZYYASd7FE]Comment supprimer l'infection des raccourcis sur USB ? (Video)[/url]
Info : [url=http://www.en.usbfix.net/2014/03/remove-shortcut-virus-usb/]L'infection des raccourcis USB, c'est quoi ?[/url]

[b]################## | Hijack |[/b]


[b]################## | C:\ %SystemDrive% - Disque Fixe (NTFS) |[/b]

[17/08/2014 - 23:27:12 | A | 1 Ko] - C:\DelFix.txt
[17/08/2014 - 23:04:39 | ASH | 6243848 Ko] - C:\hiberfil.sys
[17/08/2014 - 23:04:39 | ASH | 8325132 Ko] - C:\pagefile.sys
[17/08/2014 - 20:59:00 | D] - C:\Config.Msi
[01/03/2014 - 16:42:55 | A | 2 Ko] - C:\RHDSetup.log
[17/07/2014 - 22:14:30 | A | 0 Ko] - C:\setup.log
[01/03/2014 - 16:30:55 | SHD] - C:\$Recycle.Bin
[18/04/2014 - 16:27:17 | N | 1 Ko] - C:\AMTAG.BIN
[17/08/2014 - 23:28:51 | A | 1 Ko] - C:\PhysicalDisk0_MBR.bin
[14/07/2009 - 05:20:08 | D] - C:\PerfLogs
[14/07/2009 - 07:08:56 | SHD] - C:\Documents and Settings
[01/03/2014 - 16:30:51 | SHD] - C:\Recovery
[01/03/2014 - 16:30:52 | RD] - C:\Users
[01/03/2014 - 16:41:03 | D] - C:\Intel
[01/03/2014 - 20:42:29 | D] - C:\Données EuroSoft Software Development
[02/03/2014 - 20:23:02 | RHD] - C:\MSOCache
[15/04/2014 - 13:07:51 | D] - C:\RegBackup
[18/04/2014 - 15:19:31 | D] - C:\88625521814
[10/05/2014 - 16:24:52 | D] - C:\JEUX SSD
[06/08/2014 - 00:02:05 | D] - C:\Temp
[17/08/2014 - 22:37:15 | D] - C:\NVIDIA
[17/08/2014 - 22:37:20 | D] - C:\Program Files
[17/08/2014 - 22:37:20 | HD] - C:\ProgramData
[17/08/2014 - 22:37:55 | SHD] - C:\System Volume Information
[17/08/2014 - 22:37:58 | D] - C:\Windows
[17/08/2014 - 23:27:52 | RD] - C:\Program Files (x86)
[17/08/2014 - 23:46:59 | D] - C:\UsbFix

[b]################## | E:\ - Disque Fixe (NTFS) |[/b]

[01/03/2014 - 16:35:16 | SHD] - E:\$RECYCLE.BIN
[01/01/2009 - 01:47:13 | RASH | 8 Ko] - E:\BOOTSECT.BAK
[20/11/2010 - 14:40:07 | RASH | 375 Ko] - E:\bootmgr
[19/01/2014 - 17:24:59 | SHD] - E:\Boot
[17/08/2014 - 21:28:37 | SHD] - E:\System Volume Information

[b]################## | F:\ - Disque Fixe (NTFS) |[/b]

[01/08/2014 - 23:23:09 | D] - F:\msdownld.tmp
[02/03/2014 - 18:55:11 | SHD] - F:\$RECYCLE.BIN
[18/04/2014 - 12:20:18 | D] - F:\nas
[19/04/2014 - 18:11:00 | D] - F:\Sauvegarde
[26/04/2014 - 16:50:31 | D] - F:\FFOutput
[06/06/2014 - 18:10:48 | RD] - F:\Documents
[25/07/2014 - 16:54:23 | D] - F:\Vidéos
[03/08/2014 - 13:13:54 | RD] - F:\Pictures
[03/08/2014 - 13:17:15 | RD] - F:\Videos
[17/08/2014 - 15:11:24 | RD] - F:\Music
[17/08/2014 - 21:28:37 | SHD] - F:\System Volume Information
[17/08/2014 - 23:46:44 | RD] - F:\Downloads

[b]################## | J:\ - Disque Fixe (NTFS) |[/b]

[15/08/2014 - 01:25:06 | D] - J:\Battle.net
[02/03/2014 - 18:10:40 | SHD] - J:\$RECYCLE.BIN
[18/03/2014 - 21:24:18 | D] - J:\Program Files (x86)
[18/03/2014 - 21:25:52 | D] - J:\titanfall
[22/03/2014 - 22:36:01 | D] - J:\UT2003
[26/06/2014 - 18:16:20 | D] - J:\Steam
[15/08/2014 - 12:01:10 | D] - J:\Origin
[16/08/2014 - 03:05:53 | D] - J:\Diablo III
[17/08/2014 - 15:42:25 | D] - J:\NEED FOR SPEED CARBON
[17/08/2014 - 21:28:37 | SHD] - J:\System Volume Information

[b]################## | P:\ - Disque Fixe (NTFS) |[/b]

[03/04/2014 - 13:42:30 | A | 2 Ko] - P:\License.txt
[04/04/2014 - 22:03:00 | A | 4 Ko] - P:\Version.txt
[30/05/2014 - 18:12:01 | A | 2 Ko] - P:\mp3DirectCut.ini
[02/04/2014 - 14:35:08 | A | 16 Ko] - P:\FAQ.htm
[04/04/2014 - 16:45:06 | A | 29 Ko] - P:\Manual.htm
[04/04/2014 - 20:42:54 | A | 132 Ko] - P:\mp3DirectCut.exe
[02/03/2014 - 17:40:32 | SHD] - P:\$RECYCLE.BIN
[26/04/2014 - 16:54:32 | D] - P:\Cheat Engine 6.3
[16/08/2014 - 20:10:59 | D] - P:\newshosting-1.6.1
[02/03/2014 - 20:27:02 | RD] - P:\Program Files
[26/04/2014 - 14:24:49 | D] - P:\FormatFactory
[07/05/2014 - 14:59:48 | D] - P:\Le Chercheur de Mots
[30/05/2014 - 17:58:04 | D] - P:\Languages
[07/06/2014 - 19:00:26 | D] - P:\CDBurnerXP
[01/08/2014 - 23:23:14 | D] - P:\OCCTPT
[12/08/2014 - 17:34:11 | D] - P:\Toolbox
[17/08/2014 - 15:29:47 | D] - P:\DAEMON Tools Lite
[17/08/2014 - 20:36:25 | RD] - P:\Program Files (x86)
[17/08/2014 - 20:57:55 | D] - P:\Antimalware Engine
[17/08/2014 - 21:28:37 | SHD] - P:\System Volume Information

[b]################## | Vaccin |[/b]

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
J:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
P:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

[b]################## | E.O.F | [url=http://www.sosvirus.net/]http://www.sosvirus.net/[/url] | [url=http://www.usbfix.net/]http://www.usbfix.net/[/url] |[/b]
AdsFix
Code:
¤¤¤¤¤¤¤¤¤¤ | AdsFix | g3n-h@ckm@n | 17.08.2014.8

¤¤¤¤¤ Vista | 7 | 8 | 8.1 - 32/64 bits ¤¤¤¤¤ - Start 23:49:12 - 17/08/2014

Mis à jour le : 17/08/2014 | 23.30 par g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Boot: Normal boot
[Clement (Administrator)] - [CLEMENT-PC] - (France [040C])
SID = S-1-5-21-825608802-4289994647-314183835-1000 || [436C656D656E74]
PC : ASUSTeK COMPUTER INC. - Z87-C - All
Bios : American Megatrends Inc. - 05/17/2013
Système : Windows 7 Professional (64 bits) Professional Service Pack 1
Mémoire RAM = Total (MB) : 8325 | Libre (MB) : 6271
Pagefile = Total (MB) : 16648 | Libre (MB) : 14406
Virtuelle = Total (MB) : 4194 | Libre (MB) : 4004

Registre sauvegardé , pour restaurer : Cliquer sur Options & Restaurer le registre
Restauration de fichiers ou dossiers supprimés par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Sélectionner un élément >> "Restaurer"

¤¤¤¤¤¤¤¤¤¤ | Mises à jour Windows

Aucune mise à  jour détectée !!!

¤¤¤¤¤¤¤¤¤¤ | Navigateurs

IE : 11.0.9600.17207 (© Microsoft Corporation. Tous droits réservés.)
GC : 36.0.1985.125 (Copyright 2012 Google Inc. All rights reserved.)

¤¤¤¤¤¤¤¤¤¤ | Security (atcav : 5)

AM : Malwarebytes' Anti-Malware (1.0.0.532) [2014.08.17.05]
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Arrêté
AS: Windows Defender [Auto(2)] = Arrêté
FW: Windows FireWall Service [Auto(2)] = Arrêté

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer


¤¤¤¤¤¤¤¤¤¤ | Processus tués

5596 | [Owner : Clement |Parent : 856] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) = C:\Windows\System32\wbem\unsecapp.exe
3392 | [Owner : SERVICE LOCAL |Parent : 1056] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l'infrastructure de pilotes en mode utilisateur.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe
2508 | [Owner : Clement |Parent : 856] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe
6796 | [Owner : Système |Parent : 736] - (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.31.8.1) = C:\Program Files\Intel\iCLS Client\HeciServer.exe
2888 | [Owner : Système |Parent : 736] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
4572 | [Owner : SERVICE RÉSEAU |Parent : 940] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (6.1.7600.16385) = C:\Program Files\Windows Defender\MpCmdRun.exe
6548 | [Owner : Clement |Parent : 856] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe
2864 | [Owner : Système |Parent : 736] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe
2364 | [Owner : Clement |Parent : 3556] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17567) = C:\Windows\explorer.exe
5824 | [Owner : Système |Parent : 2864] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchProtocolHost.exe
4720 | [Owner : Système |Parent : 2864] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchFilterHost.exe
7064 | [Owner : Système |Parent : 736] - (.CybelSoft - Service de détection matériel.) - (7.1.3.0) = C:\Program Files\ma-config.com\MaConfigAgent.exe
7108 | [Owner : SERVICE RÉSEAU |Parent : 736] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
6280 | [Owner : Système |Parent : 736] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4311.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
6608 | [Owner : Système |Parent : 736] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
5112 | [Owner : Système |Parent : 736] - (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.31.8.1) = C:\Program Files\Intel\iCLS Client\HeciServer.exe

¤¤¤¤¤¤¤¤¤¤ | Services


Service stoppé : WINDEFEND
Service stoppé : WinHttpAutoProxysvc
Service stoppé : Webclient
Service stoppé : SSDPSRV
Service stoppé : DNScache

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Remis a zéro avec succès

¤¤¤¤¤¤¤¤¤¤ | SafeBoot


¤¤¤¤¤¤¤¤¤¤ | Registre

Supprimé avec succès : HKLM\SOFTWARE\Classes\Interface\{3856F531-CD1E-4B00-91C7-ED75EC8E7C18} : IOneTab
Supprimé avec succès : HKLM\SOFTWARE\Classes\Interface\{DAF611F6-C2A6-41E8-B9A9-AFC0EFFDA9ED} : ISafeshop
Supprimé avec succès : HKLM64\SOFTWARE\Classes\Interface\{3856F531-CD1E-4B00-91C7-ED75EC8E7C18} : IOneTab
Supprimé avec succès : HKLM64\SOFTWARE\Classes\Interface\{DAF611F6-C2A6-41E8-B9A9-AFC0EFFDA9ED} : ISafeshop
Supprimé avec succès : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} : ShopperReports.dll
Supprimé avec succès : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} : alotBHO.dll;alotBHO.dll
Supprimé avec succès : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} : ShoppingReport.dll
Supprimé avec succès : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} : PCTBrowserDefender.dll
Supprimé avec succès : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} : BabylonToolbar.dll
Supprimé avec succès : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825} : PCTBrowserDefender.dll
Supprimé avec succès : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{57F02779-3D88-4958-8AD3-83C12D86ADC7} : advancedsearchbar.dll
Supprimé avec succès : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} : alot.dll;alot.dll
Supprimé avec succès : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} : BabylonToolbar.dll
Supprimé avec succès : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} : ShoppingReport.dll
Supprimé avec succès : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CDEEC43D-3572-4E95-A2A5-F519D29F00C0} : advancedsearchbar.dll
Supprimé avec succès : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Supprimé avec succès : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}
Supprimé avec succès : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}
Supprimé avec succès : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Supprimé avec succès : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Supprimé avec succès : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}
Supprimé avec succès : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{57F02779-3D88-4958-8AD3-83C12D86ADC7}
Supprimé avec succès : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Supprimé avec succès : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} : SuperfishIEAddon.dll;SuperfishIEAddon.dll
Supprimé avec succès : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Supprimé avec succès : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Supprimé avec succès : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CDEEC43D-3572-4E95-A2A5-F519D29F00C0}

¤¤¤¤¤¤¤¤¤¤ | Offsets


¤¤¤¤¤¤¤¤¤¤ | reparsepoint



¤¤¤¤¤¤¤¤¤¤ | Dossiers | Fichiers

Supprimé avec succès : C:\Users\Clement\Documents\APNSetup.exe (Copyright © 2013 Ask Partner Network. All rights reserved..- .Stub Installer) ApnSetup.exe
Supprimé avec succès : C:\Users\Clement\AppData\Local\Microsoft\Feeds Cache\QQSA6R9H
Supprimé avec succès : C:\Users\Clement\AppData\Local\Temp\jrt\browsermngr_keys.cfg (.- .)
Supprimé avec succès : C:\Users\Clement\AppData\Local\Temp\jrt\browsermngr_values.cfg (.- .)
Supprimé avec succès : C:\Users\Clement\AppData\Local\Temp\jrt\FFbrowsermngr.dat (.- .)
[D5]Supprimé avec succès : C:\Users\Clement\AppData\Roaming\Bubble Dock.installation.log
[D5]Supprimé avec succès : C:\Users\Clement\AppData\Roaming\WindApp.boostrap.log
[D5]Supprimé avec succès : C:\Users\Clement\AppData\Roaming\WindApp.installation.log

¤¤¤¤¤¤¤¤¤¤ | .LNK


¤¤¤¤¤¤¤¤¤¤ | Ouverture extension inconnue


¤¤¤¤¤¤¤¤¤¤ | Proxy


¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Réparé : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\System32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Réparé : [HKU\S-1-5-21-825608802-4289994647-314183835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title]|[] : -> Internet Explorer
Réparé : [HKU\S-1-5-21-825608802-4289994647-314183835-1000\SOFTWARE\Microsoft\Internet Explorer\Main]|[Search Bar] : -> http://www.google.com/
Réparé : [HKU\S-1-5-21-825608802-4289994647-314183835-1000\SOFTWARE\Microsoft\Internet Explorer\Main]|[Start Default_Page_URL] : -> http://www.google.com/
Réparé : [HKU\S-1-5-21-825608802-4289994647-314183835-1000\SOFTWARE\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Réparé : [HKU\S-1-5-21-825608802-4289994647-314183835-1000\SOFTWARE\Microsoft\Internet Explorer\Main]|[Default_Search_URL] : -> http://go.microsoft.com/fwlink/?LinkId=54896
Réparé : [HKU\S-1-5-21-825608802-4289994647-314183835-1000\SOFTWARE\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : -> http://go.microsoft.com/fwlink/?LinkId=69157
Réparé : [HKU\S-1-5-21-825608802-4289994647-314183835-1000\SOFTWARE\Microsoft\Internet Explorer\SearchURL]|[Default] : -> http://www.google.com/
Réparé : [HKU\S-1-5-21-825608802-4289994647-314183835-1000\SOFTWARE\Microsoft\Internet Explorer\Main]|[CustomizeSearch] : -> http://www.google.com/
Réparé : [HKU\S-1-5-21-825608802-4289994647-314183835-1000\SOFTWARE\Microsoft\Internet Explorer\Search]|[SearchAssistant] : -> http://www.google.com/
Réparé : [HKU\S-1-5-21-825608802-4289994647-314183835-1000\SOFTWARE\Microsoft\Internet Explorer\Search]|[Search Bar] : -> http://www.google.com/
Réparé : [HKU\S-1-5-21-825608802-4289994647-314183835-1000\SOFTWARE\Microsoft\Internet Explorer\Search]|[Start Page] : -> http://www.google.com/
Réparé : [HKU\S-1-5-21-825608802-4289994647-314183835-1000\SOFTWARE\Microsoft\Internet Explorer\Search]|[Start Default_Page_URL] : -> http://www.google.com/
Réparé : [HKU\S-1-5-21-825608802-4289994647-314183835-1000\SOFTWARE\Microsoft\Internet Explorer\Search]|[Local Page] : -> C:\Windows\SysWOW64\blank.htm
Réparé : [HKU\S-1-5-21-825608802-4289994647-314183835-1000\SOFTWARE\Microsoft\Internet Explorer\Search]|[Search Page] : -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Réparé : [HKU\S-1-5-21-825608802-4289994647-314183835-1000\SOFTWARE\Microsoft\Internet Explorer\Search]|[Default_Search_URL] : -> http://go.microsoft.com/fwlink/?LinkId=54896
Réparé : [HKU\S-1-5-21-825608802-4289994647-314183835-1000\SOFTWARE\Microsoft\Internet Explorer\Search]|[Default_Page_URL] : -> http://go.microsoft.com/fwlink/?LinkId=69157
Réparé : [HKU\S-1-5-21-825608802-4289994647-314183835-1000\SOFTWARE\Microsoft\Internet Explorer\Search]|[CustomizeSearch] : -> http://www.google.com/
Réparé : [HKU\S-1-5-21-825608802-4289994647-314183835-1000\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]|[Tabs] : -> http://www.google.com/

¤¤¤¤¤¤¤¤¤¤ | Google Chrome

[Clement] Remis a zéro avec succès : SearchURL

[Clement | Default] : aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
[Clement | Default] : apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - http://clients2.google.com/service/update2/crx
[Clement | Default] : blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com/?feature=ytca - Google & co - http://clients2.google.com/service/update2/crx
[Clement | Default] : cfhdojbkjhnklbpkdaibdccddilifddb = : __MSG_description_chrome__ - __MSG_name__ - https://clients2.google.com/service/update2/crx
[Clement | Default] : coobgpohoikkiipiblmjeljniedjpjpf = : Google & co - http://www.google.com/webhp?source=search_app - Google & co - [*://www.google.com/search*://www.google.com/webhp*://www.google.com/imgres] - http://clients2.google.com/service/update2/crx
[Clement | Default] : dlkebobkkpgcbkhfhiaejpkflhgpgkig = : Application Chrome Seedbox.fr - Seedbox.fr Extension Chrome - http://clients2.google.com/service/update2/crx
[Clement | Default] : epanfjkfahimkgomnigadpkobaefekcd = : Protect your privacy. Stop companies & advertisers from tracking your browsing and sending you spam email. - DoNotTrackMe: Online Privacy Protection - permissions:[webRequestwebRequestBlockingtabscookies\u003Call_urls>contextMenusclipboardWritestorage] - https://clients2.google.com/service/update2/crx
[Clement | Default] : gighmmpiobklfepjocnamgkkbiglidom = : __MSG_description2__ - AdBlock - https://clients2.google.com/service/update2/crx
[Clement | Default] : gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. - avast! Online Security - https://clients2.google.com/service/update2/crx
[Clement | Default] : hdokiejnpimakedhajhdlcegeplioahd = : LastPass an award-winning password manager saves your passwords and gives you secure access from every computer and mobile device. - short_name: LastPass - https://clients2.google.com/service/update2/crx
[Clement | Default] : nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
[Clement | Default] : onhbegdkgonhlokobjefolhpoidcnida = : __MSG_chromeExtensionDescription__ - Synology Download Station - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
[Clement | Default] : pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx

¤¤¤¤¤¤¤¤¤¤ | Chromium



¤¤¤¤¤¤¤¤¤¤ | Comodo Dragon



¤¤¤¤¤¤¤¤¤¤ | Firefox



¤¤¤¤¤¤¤¤¤¤ | SeaMonkey



¤¤¤¤¤¤¤¤¤¤ | Pale moon



¤¤¤¤¤¤¤¤¤¤ | Opera


¤¤¤¤¤¤¤¤¤¤ | Spark


¤¤¤¤¤¤¤¤¤¤ | StartMenuInternet


¤¤¤¤¤¤¤¤¤¤ | AppCertDlls | AppInit_DLLs


¤¤¤¤¤¤¤¤¤¤ | Javascript


¤¤¤¤¤¤¤¤¤¤ | Firewall


¤¤¤¤¤¤¤¤¤¤ | ADS

¤¤¤¤¤¤¤¤¤¤ | Temporary files

[All Users] Temporary files deleted: 0 KB
[Clement] Temporary files deleted: 166132 KB
[Default] Temporary files deleted: 0 KB
[Default User] Temporary files deleted: 0 KB
[Public] Temporary files deleted: 0 KB
[C:\Windows\Temp] Temporary files deleted: 0 KB
[C:\Temp] Temporary files deleted: 40 KB


Other report


¤¤¤¤¤¤¤¤¤¤ | Listing


¤¤¤¤¤¤¤¤¤¤ | C:\Program Files (x86)

[01/03/2014 17:44:39] - |D| - C:\Program Files (x86)\Adobe
[01/03/2014 20:07:30] - |D| - C:\Program Files (x86)\AGEIA Technologies
[18/04/2014 15:57:39] - |D| - C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 5.5
[01/03/2014 16:37:43] - |D| - C:\Program Files (x86)\ASUS
[30/05/2014 17:51:27] - |D| - C:\Program Files (x86)\Audacity
[14/07/2009 05:20:08] - |D| - C:\Program Files (x86)\Common Files
[14/07/2009 06:54:24] - |ASH| - C:\Program Files (x86)\desktop.ini
[22/03/2014 22:36:04] - |D| - C:\Program Files (x86)\directx
[18/04/2014 15:48:10] - |D| - C:\Program Files (x86)\EaseUS
[01/03/2014 16:40:22] - |D| - C:\Program Files (x86)\Google
[10/06/2014 16:47:36] - |D| - C:\Program Files (x86)\HMA! Pro VPN
[09/04/2014 13:21:17] - |D| - C:\Program Files (x86)\ImageWriter
[01/03/2014 16:38:40] - |HD| - C:\Program Files (x86)\InstallShield Installation Information
[01/03/2014 16:41:15] - |D| - C:\Program Files (x86)\Intel
[14/07/2009 05:20:08] - |D| - C:\Program Files (x86)\Internet Explorer
[18/04/2014 18:28:36] - |D| - C:\Program Files (x86)\Java
[17/08/2014 22:50:09] - |D| - C:\Program Files (x86)\Malwarebytes Anti-Malware
[02/03/2014 20:23:20] - |D| - C:\Program Files (x86)\Microsoft Analysis Services
[02/03/2014 20:23:15] - |D| - C:\Program Files (x86)\Microsoft Office
[02/03/2014 20:23:53] - |D| - C:\Program Files (x86)\Microsoft SQL Server
[30/05/2014 15:27:55] - |D| - C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[01/03/2014 20:03:42] - |D| - C:\Program Files (x86)\Microsoft.NET
[14/07/2009 07:32:38] - |D| - C:\Program Files (x86)\MSBuild
[18/04/2014 17:25:45] - |D| - C:\Program Files (x86)\No-IP
[01/03/2014 20:07:02] - |D| - C:\Program Files (x86)\NVIDIA Corporation
[10/03/2014 19:13:12] - |D| - C:\Program Files (x86)\Origin
[01/03/2014 16:38:40] - |D| - C:\Program Files (x86)\Realtek
[14/07/2009 07:32:38] - |D| - C:\Program Files (x86)\Reference Assemblies
[17/08/2014 21:24:31] - |D| - C:\Program Files (x86)\Spyware Terminator
[17/04/2014 14:37:33] - |D| - C:\Program Files (x86)\Synology
[01/03/2014 16:41:59] - |HD| - C:\Program Files (x86)\Temp
[15/04/2014 13:04:13] - |D| - C:\Program Files (x86)\Tweaking.com
[14/07/2009 06:57:06] - |HD| - C:\Program Files (x86)\Uninstall Information
[14/07/2009 07:32:38] - |D| - C:\Program Files (x86)\Windows Defender
[30/05/2014 15:27:44] - |D| - C:\Program Files (x86)\Windows Live
[14/07/2009 05:20:08] - |D| - C:\Program Files (x86)\Windows Mail
[14/07/2009 07:32:38] - |D| - C:\Program Files (x86)\Windows Media Player
[14/07/2009 05:20:08] - |D| - C:\Program Files (x86)\Windows NT
[14/07/2009 07:32:38] - |D| - C:\Program Files (x86)\Windows Photo Viewer
[14/07/2009 07:32:38] - |D| - C:\Program Files (x86)\Windows Portable Devices
[14/07/2009 07:32:38] - |D| - C:\Program Files (x86)\Windows Sidebar
[17/08/2014 23:27:52] - |D| - C:\Program Files (x86)\ZHPDiag

¤¤¤¤¤¤¤¤¤¤ | C:\Program Files

[01/03/2014 16:37:45] - |D| - C:\Program Files\ASUS
[02/03/2014 16:05:23] - |D| - C:\Program Files\AVAST Software
[15/04/2014 13:12:19] - |D| - C:\Program Files\CCleaner
[14/07/2009 05:20:08] - |D| - C:\Program Files\Common Files
[14/07/2009 06:54:24] - |ASH| - C:\Program Files\desktop.ini
[14/07/2009 07:32:38] - |D| - C:\Program Files\DVD Maker
[01/03/2014 16:30:51] - |SHD| - C:\Program Files\Fichiers communs
[01/03/2014 16:44:08] - |D| - C:\Program Files\Intel
[14/07/2009 05:20:08] - |D| - C:\Program Files\Internet Explorer
[01/03/2014 16:57:26] - |D| - C:\Program Files\ma-config.com
[02/03/2014 20:23:20] - |D| - C:\Program Files\Microsoft Analysis Services
[02/03/2014 20:23:13] - |D| - C:\Program Files\Microsoft Office
[02/03/2014 20:23:42] - |D| - C:\Program Files\Microsoft SQL Server
[15/08/2014 11:54:41] - |D| - C:\Program Files\Microsoft Xbox 360 Accessories
[02/03/2014 20:23:53] - |D| - C:\Program Files\Microsoft.NET
[14/07/2009 07:32:38] - |D| - C:\Program Files\MSBuild
[09/08/2014 11:19:17] - |D| - C:\Program Files\Newshosting
[01/03/2014 19:35:37] - |D| - C:\Program Files\NVIDIA Corporation
[09/04/2014 13:08:47] - |D| - C:\Program Files\Oracle
[17/07/2014 22:16:32] - |D| - C:\Program Files\Realtek
[14/07/2009 07:32:38] - |D| - C:\Program Files\Reference Assemblies
[01/03/2014 17:13:19] - |D| - C:\Program Files\Saitek
[21/03/2014 21:13:34] - |D| - C:\Program Files\Tracker Software
[14/07/2009 07:09:26] - |HD| - C:\Program Files\Uninstall Information
[25/04/2014 17:39:57] - |D| - C:\Program Files\VideoLAN
[14/07/2009 07:32:38] - |D| - C:\Program Files\Windows Defender
[14/07/2009 17:35:39] - |D| - C:\Program Files\Windows Journal
[14/07/2009 05:20:08] - |D| - C:\Program Files\Windows Mail
[14/07/2009 07:32:38] - |D| - C:\Program Files\Windows Media Player
[14/07/2009 05:20:08] - |D| - C:\Program Files\Windows NT
[14/07/2009 07:32:38] - |D| - C:\Program Files\Windows Photo Viewer
[14/07/2009 07:32:38] - |D| - C:\Program Files\Windows Portable Devices
[14/07/2009 07:32:38] - |D| - C:\Program Files\Windows Sidebar

¤¤¤¤¤¤¤¤¤¤ | C:\Program Files (x86)\Common Files

[01/03/2014 17:36:12] - |D| - C:\Program Files (x86)\Common Files\Adobe AIR
[15/08/2014 01:24:58] - |D| - C:\Program Files (x86)\Common Files\Blizzard Entertainment
[18/03/2014 22:39:22] - |HD| - C:\Program Files (x86)\Common Files\EAInstaller
[01/03/2014 16:41:56] - |D| - C:\Program Files (x86)\Common Files\InstallShield
[01/03/2014 16:49:48] - |D| - C:\Program Files (x86)\Common Files\Intel Corporation
[18/04/2014 18:28:42] - |D| - C:\Program Files (x86)\Common Files\Java
[14/07/2009 05:20:08] - |D| - C:\Program Files (x86)\Common Files\microsoft shared
[17/08/2014 21:16:02] - |D| - C:\Program Files (x86)\Common Files\PC Tools
[01/03/2014 16:43:46] - |D| - C:\Program Files (x86)\Common Files\postureAgent
[14/07/2009 05:20:08] - |D| - C:\Program Files (x86)\Common Files\Services
[02/03/2014 19:45:35] - |D| - C:\Program Files (x86)\Common Files\Skype
[14/07/2009 05:20:08] - |D| - C:\Program Files (x86)\Common Files\SpeechEngines
[10/03/2014 15:11:51] - |D| - C:\Program Files (x86)\Common Files\Steam
[14/07/2009 05:20:08] - |D| - C:\Program Files (x86)\Common Files\System
[30/05/2014 15:23:55] - |D| - C:\Program Files (x86)\Common Files\Windows Live

¤¤¤¤¤¤¤¤¤¤ | C:\Program Files\Common Files

[02/03/2014 20:23:57] - |D| - C:\Program Files\Common Files\DESIGNER
[14/07/2009 05:20:08] - |D| - C:\Program Files\Common Files\Microsoft Shared
[14/07/2009 05:20:08] - |D| - C:\Program Files\Common Files\Services
[14/07/2009 05:20:08] - |D| - C:\Program Files\Common Files\SpeechEngines
[14/07/2009 05:20:08] - |D| - C:\Program Files\Common Files\System

¤¤¤¤¤¤¤¤¤¤ | C:\Users\Clement\AppData\Roaming

[01/03/2014 17:36:03] - |D| - C:\Users\Clement\AppData\Roaming\Adobe
[30/05/2014 17:51:31] - |D| - C:\Users\Clement\AppData\Roaming\Audacity
[02/03/2014 16:06:23] - |D| - C:\Users\Clement\AppData\Roaming\AVAST Software
[15/08/2014 01:25:08] - |D| - C:\Users\Clement\AppData\Roaming\Battle.net
[07/06/2014 19:00:26] - |D| - C:\Users\Clement\AppData\Roaming\Canneverbe Limited
[10/03/2014 15:22:55] - |D| - C:\Users\Clement\AppData\Roaming\com.spiderneo.junglertimer
[17/08/2014 15:10:48] - |D| - C:\Users\Clement\AppData\Roaming\DAEMON Tools Lite
[01/03/2014 16:30:55] - |D| - C:\Users\Clement\AppData\Roaming\Identities
[01/03/2014 16:43:23] - |D| - C:\Users\Clement\AppData\Roaming\InstallShield
[01/03/2014 16:44:52] - |D| - C:\Users\Clement\AppData\Roaming\Intel Corporation
[17/08/2014 20:45:41] - |D| - C:\Users\Clement\AppData\Roaming\Lavasoft
[17/08/2014 20:45:16] - |D| - C:\Users\Clement\AppData\Roaming\LavasoftStatistics
[01/03/2014 20:45:29] - |D| - C:\Users\Clement\AppData\Roaming\LolClient
[01/03/2014 17:36:03] - |D| - C:\Users\Clement\AppData\Roaming\Macromedia
[02/03/2014 19:13:17] - |D| - C:\Users\Clement\AppData\Roaming\Malwarebytes
[01/03/2014 16:30:52] - |D| - C:\Users\Clement\AppData\Roaming\Media Center Programs
[01/03/2014 16:30:52] - |SD| - C:\Users\Clement\AppData\Roaming\Microsoft
[02/03/2014 19:18:15] - |D| - C:\Users\Clement\AppData\Roaming\Mumble
[12/08/2014 17:34:20] - |D| - C:\Users\Clement\AppData\Roaming\naviextras
[28/07/2014 21:02:43] - |D| - C:\Users\Clement\AppData\Roaming\Newshosting
[09/04/2014 13:14:34] - |D| - C:\Users\Clement\AppData\Roaming\NVIDIA
[11/03/2014 19:26:47] - |D| - C:\Users\Clement\AppData\Roaming\Origin
[02/03/2014 19:45:37] - |D| - C:\Users\Clement\AppData\Roaming\Skype
[17/08/2014 21:24:33] - |D| - C:\Users\Clement\AppData\Roaming\Spyware Terminator
[17/08/2014 15:18:08] - |D| - C:\Users\Clement\AppData\Roaming\Store
[17/08/2014 21:13:55] - |D| - C:\Users\Clement\AppData\Roaming\TestApp
[18/04/2014 14:32:13] - |D| - C:\Users\Clement\AppData\Roaming\uTorrent
[25/04/2014 17:44:07] - |D| - C:\Users\Clement\AppData\Roaming\vlc
[01/03/2014 17:11:14] - |D| - C:\Users\Clement\AppData\Roaming\WinRAR
[17/08/2014 23:27:52] - |D| - C:\Users\Clement\AppData\Roaming\ZHP

¤¤¤¤¤¤¤¤¤¤ | C:\Users\Clement\AppData\Local

[01/03/2014 17:44:33] - |D| - C:\Users\Clement\AppData\Local\Adobe
[01/03/2014 16:30:52] - |SHD| - C:\Users\Clement\AppData\Local\Application Data
[02/03/2014 19:00:31] - |D| - C:\Users\Clement\AppData\Local\Apps
[17/08/2014 19:50:08] - |A| - C:\Users\Clement\AppData\Local\ars.cache
[15/08/2014 01:25:08] - |D| - C:\Users\Clement\AppData\Local\Battle.net
[15/08/2014 01:25:21] - |D| - C:\Users\Clement\AppData\Local\Blizzard Entertainment
[17/08/2014 19:50:12] - |A| - C:\Users\Clement\AppData\Local\census.cache
[28/07/2014 21:03:24] - |D| - C:\Users\Clement\AppData\Local\CrashRpt
[02/03/2014 19:00:31] - |D| - C:\Users\Clement\AppData\Local\Deployment
[14/06/2014 15:43:26] - |D| - C:\Users\Clement\AppData\Local\Diagnostics
[03/08/2014 13:05:31] - |D| - C:\Users\Clement\AppData\Local\ElevatedDiagnostics
[12/07/2014 23:11:13] - |SHD| - C:\Users\Clement\AppData\Local\EmieSiteList
[12/07/2014 23:11:13] - |SHD| - C:\Users\Clement\AppData\Local\EmieUserList
[11/03/2014 18:15:18] - |D| - C:\Users\Clement\AppData\Local\fontconfig
[01/03/2014 16:44:52] - |A| - C:\Users\Clement\AppData\Local\GDIPFONTCACHEV1.DAT
[11/03/2014 18:15:17] - |D| - C:\Users\Clement\AppData\Local\gegl-0.2
[01/03/2014 16:40:22] - |D| - C:\Users\Clement\AppData\Local\Google
[11/03/2014 18:38:51] - |D| - C:\Users\Clement\AppData\Local\gtk-2.0
[01/03/2014 16:30:52] - |SHD| - C:\Users\Clement\AppData\Local\Historique
[17/08/2014 19:31:18] - |A| - C:\Users\Clement\AppData\Local\housecall.guid.cache
[17/08/2014 22:24:53] - |AH| - C:\Users\Clement\AppData\Local\IconCache.db
[10/06/2014 16:48:02] - |D| - C:\Users\Clement\AppData\Local\IsolatedStorage
[01/03/2014 16:30:52] - |D| - C:\Users\Clement\AppData\Local\Microsoft
[02/03/2014 20:23:15] - |D| - C:\Users\Clement\AppData\Local\Microsoft Help
[28/07/2014 21:03:25] - |D| - C:\Users\Clement\AppData\Local\Newshosting
[01/03/2014 20:15:04] - |D| - C:\Users\Clement\AppData\Local\NVIDIA
[18/05/2014 18:09:23] - |D| - C:\Users\Clement\AppData\Local\NVIDIA Corporation
[02/03/2014 16:59:30] - |D| - C:\Users\Clement\AppData\Local\O&O
[01/03/2014 17:35:46] - |D| - C:\Users\Clement\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
[18/03/2014 21:10:38] - |D| - C:\Users\Clement\AppData\Local\Origin
[01/03/2014 16:50:32] - |D| - C:\Users\Clement\AppData\Local\Programs
[27/07/2014 02:34:27] - |A| - C:\Users\Clement\AppData\Local\PUTTY.RND
[11/03/2014 18:35:57] - |A| - C:\Users\Clement\AppData\Local\recently-used.xbel
[01/03/2014 16:30:52] - |D| - C:\Users\Clement\AppData\Local\Temp
[01/03/2014 16:30:52] - |SHD| - C:\Users\Clement\AppData\Local\Temporary Internet Files
[12/03/2014 16:43:54] - |D| - C:\Users\Clement\AppData\Local\Ubisoft Game Launcher
[01/03/2014 16:30:54] - |D| - C:\Users\Clement\AppData\Local\VirtualStore
[18/04/2014 17:25:48] - |D| - C:\Users\Clement\AppData\Local\Vitalwerks
[30/05/2014 15:24:02] - |D| - C:\Users\Clement\AppData\Local\Windows Live

¤¤¤¤¤¤¤¤¤¤ | C:\ProgramData

[01/03/2014 17:36:13] - |D| - C:\ProgramData\Adobe
[14/07/2009 07:08:56] - |SHD| - C:\ProgramData\Application Data
[17/07/2014 22:07:37] - |D| - C:\ProgramData\ASUS
[02/03/2014 16:04:36] - |D| - C:\ProgramData\AVAST Software
[10/03/2014 15:14:51] - |D| - C:\ProgramData\Battle.net
[15/08/2014 01:24:53] - |D| - C:\ProgramData\Blizzard Entertainment
[01/03/2014 16:30:51] - |SHD| - C:\ProgramData\Bureau
[07/06/2014 19:00:28] - |D| - C:\ProgramData\Canneverbe Limited
[26/03/2014 14:41:03] - |HD| - C:\ProgramData\CanonBJ
[28/07/2014 21:03:18] - |D| - C:\ProgramData\Caphyon
[17/08/2014 15:10:05] - |D| - C:\ProgramData\DAEMON Tools Lite
[14/07/2009 07:08:56] - |SHD| - C:\ProgramData\Desktop
[14/07/2009 07:08:56] - |SHD| - C:\ProgramData\Documents
[18/03/2014 21:17:19] - |D| - C:\ProgramData\Electronic Arts
[01/03/2014 16:30:51] - |SHD| - C:\ProgramData\Favoris
[14/07/2009 07:08:56] - |SHD| - C:\ProgramData\Favorites
[01/03/2014 16:44:09] - |D| - C:\ProgramData\Intel
[17/08/2014 20:40:57] - |D| - C:\ProgramData\Lavasoft
[01/03/2014 16:57:26] - |D| - C:\ProgramData\ma-config.com
[02/03/2014 19:13:17] - |D| - C:\ProgramData\Malwarebytes
[01/03/2014 16:30:51] - |SHD| - C:\ProgramData\Menu Démarrer
[14/07/2009 05:20:08] - |SD| - C:\ProgramData\Microsoft
[02/03/2014 20:23:12] - |D| - C:\ProgramData\Microsoft Help
[02/03/2014 20:14:02] - |D| - C:\ProgramData\Microsoft Toolkit
[01/03/2014 16:30:51] - |SHD| - C:\ProgramData\Modèles
[01/03/2014 20:07:22] - |D| - C:\ProgramData\NVIDIA
[01/03/2014 20:07:03] - |D| - C:\ProgramData\NVIDIA Corporation
[02/03/2014 16:59:08] - |D| - C:\ProgramData\OO Software
[18/04/2014 18:28:44] - |D| - C:\ProgramData\Oracle
[11/03/2014 19:26:22] - |D| - C:\ProgramData\Origin
[17/08/2014 21:13:55] - |D| - C:\ProgramData\PC Tools
[02/03/2014 20:23:48] - |D| - C:\ProgramData\regid.1991-06.com.microsoft
[16/07/2014 14:50:11] - |D| - C:\ProgramData\Riot Games
[11/03/2014 18:59:49] - |D| - C:\ProgramData\Saitek
[01/03/2014 16:50:52] - |D| - C:\ProgramData\Samsung
[02/03/2014 19:45:15] - |D| - C:\ProgramData\Skype
[17/08/2014 21:24:33] - |D| - C:\ProgramData\Spyware Terminator
[14/07/2009 07:08:56] - |SHD| - C:\ProgramData\Start Menu
[18/04/2014 18:28:43] - |D| - C:\ProgramData\Sun
[17/04/2014 14:37:34] - |D| - C:\ProgramData\Synology
[17/08/2014 21:13:56] - |D| - C:\ProgramData\TEMP
[14/07/2009 07:08:56] - |SHD| - C:\ProgramData\Templates
[19/04/2014 13:11:27] - |D| - C:\ProgramData\Vitalwerks

Items scanned: 214465 | Modified: 19 | Infected: 36

¤¤¤¤¤¤¤¤¤¤ |EOF| ¤¤¤¤¤¤¤¤¤¤ | 00:08:20 | [31 Ko]
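The directory listing above (the `[date] - |attrs| - path` lines) is what a helper actually reads when looking for what changed around the infection date. As an added example, not part of klem1's post and not code from the tool that produced the log, here is a small Python triage script that parses lines in that format, keeps the entries modified within a window before a chosen pivot date, and notes which of them sit in user-writable locations or carry the hidden attribute. The sample listing embedded in it is constructed from a handful of the posted lines; the pivot date (18/08/2014, the night after the scan), the one-day window and the list of user-writable path markers are assumptions, and a flag is a prompt to look closer, not a verdict.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the same line format as the listing posted above
# (a few of the posted timestamps and paths, plus one line of free text).
SAMPLE_LISTING = r"""
[01/03/2014 16:40:22] - |D| - C:\Program Files (x86)\Google
[14/07/2009 06:54:24] - |ASH| - C:\Program Files (x86)\desktop.ini
[17/08/2014 21:24:31] - |D| - C:\Program Files (x86)\Spyware Terminator
[17/08/2014 21:13:55] - |D| - C:\Users\Clement\AppData\Roaming\TestApp
[17/08/2014 19:50:08] - |A| - C:\Users\Clement\AppData\Local\ars.cache
[17/08/2014 15:18:08] - |D| - C:\Users\Clement\AppData\Roaming\Store
[15/08/2014 01:24:53] - |D| - C:\ProgramData\Blizzard Entertainment
this line is not a listing entry and is skipped
"""

# One listing line: [DD/MM/YYYY HH:MM:SS] - |ATTRS| - path
LINE_RE = re.compile(
    r"^\[(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\] - \|([A-Z]*)\| - (.+)$"
)

# Assumed heuristic: locations a standard user can write to. Something
# dropped there deserves a closer look than a vendor folder under Program Files.
USER_WRITABLE = ("\\AppData\\Roaming\\", "\\AppData\\Local\\", "\\ProgramData\\", "\\Temp\\")


def parse_listing(text):
    """Return one dict per well-formed line: timestamp, attribute set, path."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, free text
        entries.append({
            "time": datetime.strptime(m.group(1), "%d/%m/%Y %H:%M:%S"),
            "attrs": set(m.group(2)),  # D=directory, A=archive, H=hidden, S=system
            "path": m.group(3),
        })
    return entries


def triage(text, pivot, window_days=1):
    """Entries modified within window_days before pivot (inclusive), oldest
    first, each as (time, path, reasons). pivot may be a datetime or a string
    in the listing's own DD/MM/YYYY HH:MM:SS format."""
    if isinstance(pivot, str):
        pivot = datetime.strptime(pivot, "%d/%m/%Y %H:%M:%S")
    start = pivot - timedelta(days=window_days)
    flagged = []
    for e in parse_listing(text):
        if not (start <= e["time"] <= pivot):
            continue
        reasons = ["modified in window"]
        if any(marker.lower() in e["path"].lower() for marker in USER_WRITABLE):
            reasons.append("user-writable location")
        if "H" in e["attrs"]:
            reasons.append("hidden")
        flagged.append((e["time"], e["path"], reasons))
    flagged.sort()
    return flagged


if __name__ == "__main__":
    # Assumed pivot: shortly after the scan on 17/08/2014, one-day window.
    for when, path, reasons in triage(SAMPLE_LISTING, "18/08/2014 00:00:00"):
        print(when.strftime("%d/%m/%Y %H:%M:%S"), path, "|", ", ".join(reasons))
```

Run it against the full posted listing (save the log section to a file and pass its text to `triage`) and widen `window_days` if the first infection symptom predates the scan by more than a day; the point is to shrink a 200-line listing to the handful of entries worth checking by hand.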
by klem1
#197389
oops, sorry, and finally the ZHPDiag
~ ZHPDiag report v2014.8.16.119 - Nicolas Coolman (16/08/2014)
~ Launched by Clement (18/08/2014 00:14:30)
~ Website address http://nicolascoolman.fr
~ Forum address http://forum.nicolascoolman.fr
~ Translated by Nicolas Coolman
~ Version status: Up to date.
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Deactivated by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17207
GCIE: Google Chrome v36.0.1985.125 (Default)

---\\ Windows product information
~ Language: French
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, VOLUME_KMSCLIENT channel
Windows ID Activation : OK
~ Windows Partial Key : GPDD4
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware version 2.0.2.1012
Windows Defender W7 (Activate)

---\\ System optimization software
CCleaner v4.12

---\\ Peer-to-peer sharing software

---\\ Software monitoring
Java 7 Update 55

---\\ System information
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8130 MB (70% free)
System Restore: Enabled
System drive C: has 42 GB (39%) free of 107 GB

---\\ System login mode
~ Computer Name: CLEMENT-PC
~ User Name: Clement
~ All Users Names: Clement, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Clement\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Clement\AppData\Roaming\
~ %Desktop% : C:\Users\Clement\Desktop\
~ %Favorites% : C:\Users\Clement\Favorites\
~ %LocalAppData% : C:\Users\Clement\AppData\Local\
~ %StartMenu% : C:\Users\Clement\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 42 Go of 107 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
F: Hard drive, Flash drive, Thumb drive (Free 519 Go of 977 Go)
J: Hard drive, Flash drive, Thumb drive (Free 302 Go of 443 Go)
P: Hard drive, Flash drive, Thumb drive (Free 419 Go of 443 Go)



---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Specific search for generic files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.18/06/2014 - 23:58:27.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.04/03/2014 - 10:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.BC204AB3FBC84E419DBC486E3CC5CE94] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.25/02/2011 - 07:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files status (Hidden/Total)
~ My Favorites: 1/24
~ My Documents: 2/35
~ My Desktop: 1/42
~ Start Menu (Programs): 1/40
~ Hidden Files: Scanned in 00mn 00s



---\\ Running processes
[MD5.94626EA1B95A54444B950759BE5679E7] - (.ASUSTeK Computer Inc. - No description.) -- C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [1389368] [PID.2072]
[MD5.AB6CE6F1827345453030E09533BD744B] - (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1218360] [PID.2080]
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.2116]
[MD5.C56AEF21A76A6E2BB36A384B2C96389F] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104] [PID.4428]
[MD5.ADDF1D80161DA7C5FB9D725EED986655] - (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe [1221432] [PID.4280]
[MD5.AAA77701508F8AD3585461E67BE40AF2] - (.Samsung Electronics. - Samsung Magician Application.) -- P:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [4737440] [PID.5588]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.5556]
[MD5.26B558B2D31C7425B455B00E562EAD93] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [4085896] [PID.5680]
[MD5.6F815EE8023E715353C4D9F88F75D2B6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8092160] [PID.6664]
[MD5.D2230317777033CD0456990BFC4994E5] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [411936] [PID.1000]
[MD5.73F5C13B431915BAE35254B4E95DFB71] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1468]
[MD5.BBF8F831C7720DD5135D8C4C8325187A] - (...) -- C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728] [PID.528]
[MD5.E536856E96A7605EBF580D62A868E5FE] - (...) -- C:\Windows\SysWOW64\ASGT.exe [55296] [PID.2204]
[MD5.893481D570E97CED36EC7EBD56ADBF24] - (.ASUSTeK Computer Inc. - No description.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [945152] [PID.2224]
[MD5.7683F046E48265C83E40EB3D4492E78E] - (.ASUSTeK Computer Inc. - ASUS Motherboard Fan Control Service.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe [1639424] [PID.2260]
[MD5.D84AEA3F3329D622DFC1297DDDF6163B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.2864]
[MD5.4F45ED469906494F9BF754E476390DBD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472] [PID.2464]
[MD5.D0F743BD1F8E402E4A52D83574828AC2] - (.No owner - ducservice.) -- C:\Program Files (x86)\No-IP\ducservice.exe [10752] [PID.2692]
[MD5.D6310F79E51D1F997E964E81DD368AEA] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608] [PID.2652]
[MD5.635686E528F2C9CB916EC1BB04EE6AD1] - (...) -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736] [PID.3076]
[MD5.6241810294275CEA59EBA9733080E5EE] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720] [PID.5688]
[MD5.52069AEB42D3D0F97CBCA1085EBF55E6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432] [PID.3412]
[MD5.8939CBB2526CB87C476DB9ABBF243AE0] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [390616] [PID.5392]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\Clement\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Enabled)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Enabled)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1 (Enabled)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Enabled)
G2 - GCE: Preference [User Data\Default] [onhbegdkgonhlokobjefolhpoidcnida] Synology Download Station v.2.1.7 (Enabled)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Enabled)

---\\ List of Google Chrome extension folders
~ Google Lines Browser: 25 Legitimates Filtered in 00mn 05s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of lines F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphan key
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Applications launched at system startup (O4)
O4 - HKLM\..\Run: [ProfilerU] . (.Saitek - Saitek SST Profile Launcher.) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_9E929130E8EBB2E1654F3E39F9DE2EFB] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-825608802-4289994647-314183835-1000\..\Run: [GoogleChromeAutoLaunch_9E929130E8EBB2E1654F3E39F9DE2EFB] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s



---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ASGT (ASGT) . (...) - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: NO-IP DUC v4 (NoIPDUCService4) . (.Pas de propriétaire - ducservice.) - C:\Program Files (x86)\No-IP\ducservice.exe
~ Services: 18 Legitimates Filtered in 00mn 05s



---\\ Tâches planifiées en automatique (O39)
[MD5.D4F602B1F775B5827932D3C5B04A3FD2] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [3372032] =>Trojan.AutoKMS
[MD5.AB6CE6F1827345453030E09533BD744B] [APT] [ASUS DIPAwayMode] (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1218360]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 01s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (ndisrd) . (.NT Kernel Resources - NDISRD helper driver.) - C:\Windows\System32\DRIVERS\ndisrd.sys
~ Drivers: 87 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Le Chercheur de Mots 1.0.49 - (...) [HKLM][64Bits] -- Le Chercheur de Mots_is1
~ Logic: 23 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AdsFix]
[HKLM\Software\AdsFix]
[HKLM\Software\Respawn]
[HKLM\Software\Wow6432Node\AdsFix]
[HKLM\Software\Wow6432Node\Respawn]
[HKLM\Software\Wow6432Node\SOSVirus]
[HKLM\Software\jumpshot.com]
~ Key Software: 267 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 09/04/2014 - 13:21:32 - [] ----D C:\Program Files (x86)\ImageWriter
O43 - CFD: 10/03/2014 - 15:23:03 - [] ----D C:\Users\Clement\AppData\Roaming\com.spiderneo.junglertimer
O43 - CFD: 17/08/2014 - 15:23:42 - [0] ----D C:\Users\Clement\AppData\Roaming\Store =>PUP.Nosibay
~ Program Folder: 174 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.BABA8E4A8F084AA69862473513768F43] - 15/08/2014 - 01:37:47 ---A- . (...) -- C:\Windows\DirectX.log [18549]
O44 - LFC:[MD5.52D131C5E63A93C135F0067DCA43A8CF] - 17/08/2014 - 23:08:20 ---A- . (...) -- C:\AdsFix_18_08_2014_00_08_20.txt [30815]
~ Files: 91 Legitimates Filtered in 00mn 01s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{724d44d4-dba5-11e3-9f44-74d02b9f0221}\AutoRun\command. (...) -- G:\Startme.exe (.not file.)
O51 - MPSK:{ba83cb47-a14d-11e3-a996-806e6f6e6963}\AutoRun\command. (...) -- D:\.\Bin\ASSETUP.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\NoIPDUCv4 [Key] . (.Pas de propriétaire - DUC40.) -- C:\Program Files (x86)\No-IP\DUC40.exe
O53 - SMSR:HKLM\...\startupreg\OODefragTray [Key] . (...) -- C:\Program Files\OO Software\Defrag\oodtray.exe (.not file.)
~ SMSR Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:23/07/2014 - 10:40:54 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:23/07/2014 - 10:40:54 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:23/07/2014 - 10:40:55 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [224896] =>.ALWIL Software
O58 - SDL:03/08/2012 - 10:36:52 ---A- . (.Windows (R) Win 7 DDK provider - Synology Virtual USB Hub.) -- C:\Windows\System32\Drivers\busenum.sys [55776]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:07/02/2013 - 09:31:14 R--A- . (.NT Kernel Resources - NDISRD helper driver.) -- C:\Windows\System32\Drivers\ndisrd.sys [32840]
O58 - SDL:19/04/2013 - 03:56:48 ---A- . (...) -- C:\Windows\System32\Drivers\nvflash.sys [15648]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:22/08/2013 - 13:40:24 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40664]
O58 - SDL:29/11/2013 - 09:31:28 ---A- . (...) -- C:\Windows\System32\ampa.sys [17008]
O58 - SDL:21/08/2012 - 19:54:10 R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [15232]
O58 - SDL:14/09/2012 - 03:06:23 R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsUpIO.sys [14464]
O58 - SDL:02/04/2009 - 13:30:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
O58 - SDL:29/11/2013 - 09:31:28 ---A- . (...) -- C:\Windows\SysWOW64\ampa.sys [17008]
~ Drivers: 93 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 17/08/2014 - 00:14:52 ---A- . (...) -- C:\Users\Clement\Desktop\AdsFix.exe [2894848]
~ 6 Fichiers temporaires (Temporary files)
~ 2 Fichiers cookies (Cookies files)
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - http://www.usbfix.net - http://www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 23/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 94 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.D7B4BFF00B1F6D2387F5A720943FB6A8] [SPRF][17/08/2014] (.Pas de propriétaire - Ads Cleaner.) -- C:\Users\Clement\Desktop\AdsFix.exe [2894848]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{50E86DB5-872C-48A7-8ED7-31F6D6542D29}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- F:\Downloads\torrent_3-4-build-30635_fr_18245.exe =>P2P.BitTorrent
O87 - FAEL: "{FAD57A23-6B11-4E3A-BF15-804B187825AB}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- F:\Downloads\torrent_3-4-build-30635_fr_18245.exe =>P2P.BitTorrent
O87 - FAEL: "{AEEDCC9F-2ADC-4CA4-873A-C41FE8FA58D4}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Clement\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{F2D83A52-5F3D-4695-A3BA-32E4EB1C18EE}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Clement\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 02/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 02/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/01/2013 171632 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SS - | Demand 27/08/2013 828376 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 29/05/2014 543424 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 07/05/2013 936728 | (asComSvc) . (...) - C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
SR - | Auto 17/01/2012 55296 | (ASGT) . (...) - C:\Windows\SysWOW64\ASGT.exe
SR - | Auto 07/05/2013 945152 | (asHmComSvc) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
SR - | Auto 09/05/2013 1639424 | (AsusFanControlService) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe
SR - | Auto 23/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 21/11/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 27/08/2013 747520 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 10/12/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 10/12/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 24/02/2014 2818888 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 06/02/2014 10752 | (NoIPDUCService4) . (...) - C:\Program Files (x86)\No-IP\ducservice.exe
SR - | Auto 25/07/2014 1720608 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 25/07/2014 18956064 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 02/07/2014 935368 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 02/07/2014 411936 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 23/01/2014 248736 | (UsbClientService) . (...) - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 03s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Clement at 18/08/2014 00:15:30
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Clement at 18/08/2014 00:15:32
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (16/08/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1

C:\Users\Clement\AppData\Roaming\Store =>PUP.Nosibay^
C:\Windows\AutoKMS\AutoKMS.exe =>Trojan.AutoKMS^
~ Additionnel Scan: 195396 Items scanned in 00mn 09s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/trojan-autokms =>Trojan.AutoKMS
~ MSI: 1 link(s) detected in 00mn 00s



~ 904 Legitimates filtered by white list
End of the scan (469 lines in 01mn 12s)(0)
by buckhulk
#197391
Right, you need to update Java, but after the script, OK??
Java Update 67
  • Select and copy the following script:
    Script ZHPFix
    ShortcutFix
    Java 7 Update 55    => Oracle
    O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline    => Toolbar.Avast
    O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Clé orpheline    => Orphean Key not necessary
    [MD5.D4F602B1F775B5827932D3C5B04A3FD2] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [3372032]   =>Trojan.AutoKMS
    O41 - Driver: (ndisrd) . (.NT Kernel Resources - NDISRD helper driver.) - C:\Windows\System32\DRIVERS\ndisrd.sys
    O43 - CFD: 17/08/2014 - 15:23:42 - [0] ----D C:\Users\Clement\AppData\Roaming\Store   =>PUP.Nosibay
    O51 - MPSK:{724d44d4-dba5-11e3-9f44-74d02b9f0221}\AutoRun\command. (...) -- G:\Startme.exe (.not file.)    => Fichier absent
    O51 - MPSK:{ba83cb47-a14d-11e3-a996-806e6f6e6963}\AutoRun\command. (...) -- D:\.\Bin\ASSETUP.exe (.not file.)    => Fichier absent
    O58 - SDL:07/02/2013 - 09:31:14 R--A- . (.NT Kernel Resources - NDISRD helper driver.) -- C:\Windows\System32\Drivers\ndisrd.sys [32840]
    O87 - FAEL: "{50E86DB5-872C-48A7-8ED7-31F6D6542D29}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- F:\Downloads\torrent_3-4-build-30635_fr_18245.exe   =>P2P.BitTorrent
    O87 - FAEL: "{FAD57A23-6B11-4E3A-BF15-804B187825AB}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- F:\Downloads\torrent_3-4-build-30635_fr_18245.exe   =>P2P.BitTorrent
    O87 - FAEL: "{AEEDCC9F-2ADC-4CA4-873A-C41FE8FA58D4}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Clement\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
    O87 - FAEL: "{F2D83A52-5F3D-4695-A3BA-32E4EB1C18EE}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Clement\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
    C:\Users\Clement\AppData\Roaming\Store   =>PUP.Nosibay^
    C:\Windows\AutoKMS\AutoKMS.exe   =>Trojan.AutoKMS^
    ProxyFix
    EmptyPrefetch
    EmptyFlash
    SysRestore
    FirewallRAZ
    EmptyTemp

  • Launch ZHPFix; under Windows 7/8 and Vista, run it as administrator
    1. Click Import
    2. The lines you copied earlier should appear pasted in the frame
    3. If so, click "GO"
    (screenshot)
    example:
    (screenshot)
  • Confirm the data cleanup by clicking "Yes"
  • Once the scan is finished, go to the desktop: the ZHPFixReport file has been created.
  • Upload the ZHPFixReport report to SosUpload, then copy/paste the link it gives you in your next reply.
See you shortly then.... ;)
by klem1
#197393
Here it is
Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Clement at 18/08/2014 00:35:52
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)

Corbeille vidée (00mn 28s)
Dossier Prefetcher vidé
Réparation des raccourcis navigateur

========== Processus mémoire ==========
SUPPRIMÉ: Memory Process: C:\Windows\AutoKMS\AutoKMS.exe

========== Clés du Registre ==========
SUPPRIMÉ Driver Key: ndisrd
SUPPRIMÉ CLSID MPSK: {724d44d4-dba5-11e3-9f44-74d02b9f0221}
SUPPRIMÉ CLSID MPSK: {ba83cb47-a14d-11e3-a996-806e6f6e6963}

========== Valeurs du Registre ==========
SUPPRIMÉ: Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
SUPPRIMÉ: Toolbar: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
SUPPRIMÉ: {50E86DB5-872C-48A7-8ED7-31F6D6542D29}
SUPPRIMÉ: {FAD57A23-6B11-4E3A-BF15-804B187825AB}
SUPPRIMÉ: {AEEDCC9F-2ADC-4CA4-873A-C41FE8FA58D4}
SUPPRIMÉ: {F2D83A52-5F3D-4695-A3BA-32E4EB1C18EE}
ProxyFix : Configuration proxy supprimée avec succès
SUPPRIMÉ ProxyServer Value
SUPPRIMÉ ProxyEnable Value
SUPPRIMÉ EnableHttp1_1 Value
SUPPRIMÉ ProxyHttp1.1 Value
SUPPRIMÉ ProxyOverride Value
Aucune Valeur Standard Profile: FirewallRaz :
Aucune Valeur Domain Profile: FirewallRaz :
SUPPRIMÉ: FirewallRaz (Private) : {63D0196C-F7E7-4A49-B63F-A6AF03C7A3B7}
SUPPRIMÉ: FirewallRaz (Private) : {555BA80A-7C9B-4549-B399-BC9746FFB0D0}
SUPPRIMÉ: FirewallRaz (Public) : {4A0ECC62-3710-42E9-A84E-D30485404462}
SUPPRIMÉ: FirewallRaz (Public) : {F6ECB65F-3636-4A75-9A63-CDBE4C3D0ADE}
SUPPRIMÉ: FirewallRaz (Private) : TCP Query User{74BFED55-4936-47B0-8B47-AD6A380BE3B2}C:\users\clement\appdata\local\temp\rar$exa0.376\mratio4.5\mratio.exe
SUPPRIMÉ: FirewallRaz (Private) : UDP Query User{193F1CDD-3065-4AD3-AB26-E3A578B4BD71}C:\users\clement\appdata\local\temp\rar$exa0.376\mratio4.5\mratio.exe
SUPPRIMÉ: FirewallRaz (Public) : {7B05CC90-5C19-4FF3-9A81-99CEC1D38E5E}
SUPPRIMÉ: FirewallRaz (Public) : {B848FBB1-DE59-471A-9FDC-4D1832403E35}
SUPPRIMÉ: FirewallRaz (Private) : TCP Query User{261C0953-3248-40A9-B91C-6475034013CE}C:\users\clement\appdata\local\temp\rar$exa0.626\mratio4.5\mratio.exe
SUPPRIMÉ: FirewallRaz (Private) : UDP Query User{AB14EE43-4764-4F3C-AC78-73B2CF5261EB}C:\users\clement\appdata\local\temp\rar$exa0.626\mratio4.5\mratio.exe
SUPPRIMÉ: FirewallRaz (Public) : {ABE6F577-4FAB-4ACB-8838-E1F13773F187}
SUPPRIMÉ: FirewallRaz (Public) : {0C635356-7C15-4332-A64E-1FFA4277EA70}

========== Dossiers ==========
SUPPRIMÉ: C:\Users\Clement\AppData\Roaming\Store
SUPPRIMÉS Flash Cookies (0)
SUPPRIMÉS Temporaires Windows (5)

========== Fichiers ==========
SUPPRIMÉ Redémarrage: c:\windows\system32\drivers\ndisrd.sys
SUPPRIMÉS Flash Cookies (0) (0 octets)
SUPPRIMÉS Temporaires Windows (4) (403 927 octets)

========== Tache planifiée ==========
SUPPRIMÉ: AutoKMS
SUPPRIMÉ: AutoKMS

========== Restauration Système ==========
Point de restauration du système créé avec succès

========== Autre ==========
NON TRAITÉ Java 7 Update 55


========== Récapitulatif ==========
1 : Processus mémoire
3 : Clés du Registre
26 : Valeurs du Registre
3 : Dossiers
3 : Fichiers
2 : Tache planifiée
1 : Restauration Système
1 : Autre


End of clean in 00mn 35s

========== Chemin de fichier rapport ==========
C:\Users\Clement\AppData\Roaming\ZHP\ZHPFix[R1].txt - 18/08/2014 00:36:21 [3344]
