Virus impossible to remove. 2014-08-17T20:45:49+00:00
  • Author
    Posts
  • klem1
    Participant
    Number of posts: 25

    Hello everyone, I have been trying to remove a virus for several hours now; I have followed all the tutorials on the web, or nearly all. I ran full scans with Malwarebytes, Spyware Terminator, avast, AdwCleaner, CCleaner…

    I can see that the virus is still active because it has infected my mouse cursor: every 3 seconds the hourglass starts spinning on the mouse pointer and deselects whatever I am doing.

    I can't take it any more. I tried restoring to an earlier point but the restore crashed, anyway... I don't know what else to do, so I am coming to ask for your help.

    Hint: in my opinion it comes from this: PUP.Optional.BubbleDock

  • buckhulk
    Participant
    Number of posts: 2391

    Good evening klem1

    You will need to run ZHPDiag and perhaps rerun the programs you used, but after downloading them again!

    To start on a sound footing, I am going to ask you to run DelFix first and then send me a ZHPDiag report!
    Thanks

    DelFix

    DelFix has changed and has become more capable!

    1 – Download DelFix to your desktop HERE

    2 – You can tick the box “Re-enable UAC if it has been disabled”!

    The box “Remove disinfection tools” is ticked by default!

    3 – You can tick the box “Create a registry backup”! (in case there is a problem)
    4 – You can tick the box “Purge system restore”: all the old restore points will be deleted and a new “clean” one will be created!
    5 – Finally, click: Run

    PS: If this is in the middle of a disinfection, or if nothing is specified, run it as it is set up!

    Then:

    • Download ZHPDiag (by Nicolas Coolman) to your desktop.
    • Install the program.
    • Launch ZHPDiag; run it as administrator on Windows 7/8 and Vista
    • Click “Complet” (Full)

      Note: Do not close the program even if it says it is no longer responding.

    • Once the scan has finished, go to the desktop; the file ZHPDiag.txt has been created.
    • Upload the ZHPDiag.txt report to SosUpload, then copy/paste the link provided into your next reply on the forum

  • klem1
    Participant
    Number of posts: 25

    Here are the scans.
    AdwCleaner
    [spoiler:32wn5z6t]# AdwCleaner v3.307 – Rapport créé le 17/08/2014 à 22:35:04
    # Mis à jour le 17/08/2014 par Xplode
    # Système d'exploitation : Windows 7 Professional Service Pack 1 (64 bits)
    # Nom d'utilisateur : Clement – CLEMENT-PC
    # Exécuté depuis : F:Downloadsadwcleaner_3.307.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    Service Supprimé : IePluginServices

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:ProgramDataIePluginServices
    Dossier Supprimé : C:ProgramDataParetoLogic
    Dossier Supprimé : C:Program Files (x86)SupTab
    Dossier Supprimé : C:UsersClementAppDataRoamingNosibay
    Dossier Supprimé : C:UsersClementAppDataRoamingMicrosoftWindowsStart MenuProgramsBubble Dock

    ***** [ Tâches planifiées ] *****

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Clé Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerExtension Compatibility{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
    Clé Supprimée : HKLMSYSTEMCurrentControlSetServicesEventlogApplicationIePluginServices
    Clé Supprimée : HKLMSYSTEMCurrentControlSetServicesEventlogApplicationWindowsMangerProtect
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{E5A7A645-8318-4895-B85C-EDC606B80DB6}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{917CAAE9-DD47-4025-936E-1414F07DF5B8}
    Clé Supprimée : HKLMSOFTWAREClassesTypeLib{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesCLSID{E5A7A645-8318-4895-B85C-EDC606B80DB6}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{917CAAE9-DD47-4025-936E-1414F07DF5B8}
    Donnée Restaurée : HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand
    Clé Supprimée : HKCUSoftwareNosibay
    Clé Supprimée : HKCUSoftwareSupHpUISoft
    Clé Supprimée : HKCUSoftwareUpdateStar
    Clé Supprimée : HKCUSoftwareAppDataLowSoftwareDynConIE
    Clé Supprimée : HKLMSOFTWARESupDp
    Clé Supprimée : HKLMSOFTWARESupTab
    Clé Supprimée : HKLMSOFTWAREsupWindowsMangerProtect
    Clé Supprimée : HKLMSOFTWAREsupWPM
    Clé Supprimée : [x64] HKLMSOFTWAREMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components8121C32A9C319F4CB0C11FF059552A4

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v11.0.9600.17207

    Paramètre Restauré : HKLMSOFTWAREMicrosoftInternet ExplorerMain [Default_Search_URL]
    Paramètre Restauré : HKLMSOFTWAREMicrosoftInternet ExplorerMain [Search Page]
    Paramètre Restauré : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerMain [Default_Search_URL]
    Paramètre Restauré : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerMain [Search Page]

    -\ Google Chrome v36.0.1985.125

    [ Fichier : C:UsersClementAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    Supprimée [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1408281240&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K&q={searchTerms}
    Supprimée [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1408281240&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K&q={searchTerms}
    Supprimée [Search Provider] : hxxp://www.softonic.fr/s/{searchTerms}
    Supprimée [Startup_urls] : hxxp://www.istartsurf.com/?type=hp&ts=1408281240&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K
    Supprimée [Startup_urls] : hxxp://www.istartsurf.com/?type=hp&ts=1408281398&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K

    *************************

    AdwCleaner[R0].txt – [5515 octets] – [17/08/2014 20:57:51]
    AdwCleaner[R1].txt – [1742 octets] – [17/08/2014 21:35:01]
    AdwCleaner[S0].txt – [3734 octets] – [17/08/2014 22:35:04]
    AdwCleaner[S1].txt – [1612 octets] – [17/08/2014 20:58:29]
    AdwCleaner[S2].txt – [2149 octets] – [17/08/2014 21:35:28]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [3914 octets] ##########
    # AdwCleaner v3.307 – Rapport créé le 17/08/2014 à 23:04:05
    # Mis à jour le 17/08/2014 par Xplode
    # Système d'exploitation : Windows 7 Professional Service Pack 1 (64 bits)
    # Nom d'utilisateur : Clement – CLEMENT-PC
    # Exécuté depuis : F:Downloadsadwcleaner_3.307.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    ***** [ Tâches planifiées ] *****

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Clé Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerExtension Compatibility{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
    Clé Supprimée : HKCUSoftwareUpdateStar
    Clé Supprimée : [x64] HKLMSOFTWAREMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components8121C32A9C319F4CB0C11FF059552A4

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v11.0.9600.17207

    -\ Google Chrome v36.0.1985.125

    [ Fichier : C:UsersClementAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    Supprimée [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1408281240&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K&q={searchTerms}
    Supprimée [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1408281240&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K&q={searchTerms}
    Supprimée [Search Provider] : hxxp://www.softonic.fr/s/{searchTerms}
    Supprimée [Startup_urls] : hxxp://www.istartsurf.com/?type=hp&ts=1408281240&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K
    Supprimée [Startup_urls] : hxxp://www.istartsurf.com/?type=hp&ts=1408281398&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K

    *************************

    AdwCleaner[R0].txt – [7209 octets] – [17/08/2014 20:57:51]
    AdwCleaner[R1].txt – [1742 octets] – [17/08/2014 21:35:01]
    AdwCleaner[S0].txt – [5787 octets] – [17/08/2014 22:35:04]
    AdwCleaner[S1].txt – [1612 octets] – [17/08/2014 20:58:29]
    AdwCleaner[S2].txt – [2149 octets] – [17/08/2014 21:35:28]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [5967 octets] ##########[/spoiler:32wn5z6t]

    ZHP DIAG
    [spoiler:32wn5z6t]~ Rapport de ZHPDiag v2014.8.13.118 – Nicolas Coolman (13/08/2014)
    ~ Lancé par Clement (17/08/2014 23:08:46)
    ~ Adresse du Site Web http://nicolascoolman.fr
    ~ Adresse du Forum http://forum.nicolascoolman.fr
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Nouvelle version disponible
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by program

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.17207
    GCIE: Google Chrome v36.0.1985.125 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Windows(R) 7, VOLUME_KMSCLIENT channel
    Windows ID Activation : OK
    ~ Windows Partial Key : GPDD4
    Windows License : OK
    ~ Windows Remaining Initializations Number : 1
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    avast! Free Antivirus v9.0.2021
    Malwarebytes Anti-Malware version 2.0.2.1012
    Windows Defender W7 (Activate)

    —\ Logiciels d'optimisation du système
    CCleaner v4.12

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Java 7 Update 55

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 8130 MB (64% free)
    System Restore: Activé (Enable)
    System drive C: has 43 GB (39%) free of 107 GB

    —\ Mode de connexion au système
    ~ Computer Name: CLEMENT-PC
    ~ User Name: Clement
    ~ All Users Names: Clement, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersClementAppDataRoamingZHP
    ~ %AppData% : C:UsersClementAppDataRoaming
    ~ %Desktop% : C:UsersClementDesktop
    ~ %Favorites% : C:UsersClementFavorites
    ~ %LocalAppData% : C:UsersClementAppDataLocal
    ~ %StartMenu% : C:UsersClementAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 43 Go of 107 Go)
    D: CD-ROM drive (Not Inserted)
    E: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
    F: Hard drive, Flash drive, Thumb drive (Free 519 Go of 977 Go)
    J: Hard drive, Flash drive, Thumb drive (Free 302 Go of 443 Go)
    P: Hard drive, Flash drive, Thumb drive (Free 419 Go of 443 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyGames: Modified
    ~ Security Center: 49 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.18/06/2014 – 23:58:27.) — C:WindowsSystem32wininet.dll [2266112]
    [MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.04/03/2014 – 10:43:50.) — C:WindowsSystem32Winlogon.exe [455168]
    [MD5.BC204AB3FBC84E419DBC486E3CC5CE94] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 14:27:26.) — C:WindowsSystem32sppcomapi.dll [231936]
    [MD5.FA886682CFC5D36718D3E436AACF10B9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.30/05/2014 – 07:45:52.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:21.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:32.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:43.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:20.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.24/01/2014 – 03:37:55.) — C:Windowssystem32Driversntfs.sys [1684928]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:35.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.1B6163C503398B23FF8B939C67747683] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.20/11/2010 – 12:06:41.) — C:Windowssystem32Driversrdpdr.sys [165888]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:56.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.DF8126BD41180351A093A3AD2FC8903B] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.25/02/2011 – 07:25:38.) — C:Windowssystem32Driversvolsnap.sys [296320]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes Favoris (My Favorites) : 1/24
    ~ Mes Documents (My Documents) : 2/36
    ~ Mon Bureau (My Desktop) : 1/38
    ~ Menu demarrer (Programs) : 1/40
    ~ Hidden Files: Scanned in 00mn 00s

    —\ Processus lancés
    [MD5.AB6CE6F1827345453030E09533BD744B] – (…) — C:Program Files (x86)ASUSAI Suite IIIDIP4DIPAwayModeDipAwayMode.exe [1218360] [PID.2096]
    [MD5.94626EA1B95A54444B950759BE5679E7] – (.ASUSTeK Computer Inc. – Pas de description.) — C:Program Files (x86)ASUSAI Suite IIIAISuite3.exe [1389368] [PID.2104]
    [MD5.4FBC630768570E6AC35C3DE8F6EC79F5] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembam.exe [6970168] [PID.2588]
    [MD5.C56AEF21A76A6E2BB36A384B2C96389F] – (.NVIDIA Corporation – NVIDIA GeForce Experience Backend.) — C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe [2403104] [PID.4560]
    [MD5.ADDF1D80161DA7C5FB9D725EED986655] – (…) — C:Program Files (x86)ASUSAI Suite IIIDIP4DIPAwayModeEPUShortCut.exe [1221432] [PID.4988]
    [MD5.B43E68B8A022FB00FF54360D408E871B] – (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe [860488] [PID.5500]
    [MD5.AAA77701508F8AD3585461E67BE40AF2] – (.Samsung Electronics. – Samsung Magician Application.) — P:Program Files (x86)Samsung MagicianSamsung Magician.exe [4737440] [PID.5936]
    [MD5.26B558B2D31C7425B455B00E562EAD93] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastavastui.exe [4085896] [PID.5996]
    [MD5.DC2E338E63159454B71659D82515A04E] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8091648] [PID.6396]
    [MD5.D2230317777033CD0456990BFC4994E5] – (.NVIDIA Corporation – Stereo Vision Control Panel API Server.) — C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe [411936] [PID.1016]
    [MD5.73F5C13B431915BAE35254B4E95DFB71] – (.AVAST Software – avast! Service.) — C:Program FilesAVAST SoftwareAvastAvastSvc.exe [50344] [PID.1516]
    [MD5.BBF8F831C7720DD5135D8C4C8325187A] – (…) — C:Program Files (x86)ASUSAXSP1.01.02atkexComSvc.exe [936728] [PID.1432]
    [MD5.E536856E96A7605EBF580D62A868E5FE] – (…) — C:WindowsSysWOW64ASGT.exe [55296] [PID.2228]
    [MD5.893481D570E97CED36EC7EBD56ADBF24] – (.ASUSTeK Computer Inc. – Pas de description.) — C:Program Files (x86)ASUSAAHM1.00.22aaHMSvc.exe [945152] [PID.2248]
    [MD5.7683F046E48265C83E40EB3D4492E78E] – (.ASUSTeK Computer Inc. – ASUS Motherboard Fan Control Service.) — C:Program Files (x86)ASUSAsusFanControlService1.02.22AsusFanControlService.exe [1639424] [PID.2284]
    [MD5.D84AEA3F3329D622DFC1297DDDF6163B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe [1809720] [PID.2868]
    [MD5.4F45ED469906494F9BF754E476390DBD] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe [860472] [PID.2532]
    [MD5.D0F743BD1F8E402E4A52D83574828AC2] – (.Pas de propriétaire – ducservice.) — C:Program Files (x86)No-IPducservice.exe [10752] [PID.2776]
    [MD5.D6310F79E51D1F997E964E81DD368AEA] – (.NVIDIA Corporation – NVIDIA Network Service.) — C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe [1720608] [PID.2384]
    [MD5.635686E528F2C9CB916EC1BB04EE6AD1] – (…) — C:Program Files (x86)SynologyAssistantUsbClientService.exe [248736] [PID.3092]
    [MD5.6241810294275CEA59EBA9733080E5EE] – (.Intel Corporation – IAStorDataSvc.) — C:Program FilesIntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe [15720] [PID.5424]
    [MD5.52069AEB42D3D0F97CBCA1085EBF55E6] – (.Intel Corporation – Intel(R) Dynamic Application Loader Host In.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe [169432] [PID.6564]
    [MD5.8939CBB2526CB87C476DB9ABBF243AE0] – (.Intel Corporation – Intel(R) Local Management Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe [390616] [PID.5708]
    ~ Processes Running: Scanned in 00mn 00s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersClementAppDataLocalGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
    G2 – GCE: Preference [User DataDefault] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [onhbegdkgonhlokobjefolhpoidcnida] Synology Download Station v.2.1.7, (Activé)
    G2 – GCE: Preference [User DataDefault] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

    —\ Liste des dossiers d'extension Google Chrome
    ~ Google Lines Browser: 24 Legitimates Filtered in 00mn 05s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    R5 – HKLMSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hôte est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: (no name) – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
    O3 – Toolbar: (no name) – [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [ProfilerU] . (.Saitek – Saitek SST Profile Launcher.) — C:Program FilesSaitekSD6SoftwareProfilerU.exe
    O4 – HKLM..Run: [NvBackend] . (.NVIDIA Corporation – NVIDIA GeForce Experience Backend.) — C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe
    O4 – HKLM..Run: [ShadowPlay] . (.NVIDIA Corporation – NVIDIA Capture Server Proxy.) — C:Windowssystem32nvspcap64.dll
    O4 – HKCU..Run: [GoogleChromeAutoLaunch_9E929130E8EBB2E1654F3E39F9DE2EFB] . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – HKLM..Wow6432NodeRun: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUS.DEFAULT..RunOnce: [SPReview] . (.Microsoft Corporation – SP Reviewer.) — C:WindowsSystem32SPReviewSPReview.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-18..RunOnce: [SPReview] . (.Microsoft Corporation – SP Reviewer.) — C:WindowsSystem32SPReviewSPReview.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-825608802-4289994647-314183835-1000..Run: [GoogleChromeAutoLaunch_9E929130E8EBB2E1654F3E39F9DE2EFB] . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    ~ Application: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
    O17 – HKLMSystemCCSServicesTcpip..{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
    O17 – HKLMSystemCS1ServicesTcpip..{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
    O17 – HKLMSystemCS1ServicesTcpip..{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
    O17 – HKLMSystemCS2ServicesTcpip..{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
    O17 – HKLMSystemCS2ServicesTcpip..{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 212.27.40.241 212.27.40.240
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: text/xml [64Bits] – {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE15MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: ASGT (ASGT) . (…) – C:WindowsSysWOW64ASGT.exe
    O23 – Service: NO-IP DUC v4 (NoIPDUCService4) . (.Pas de propriétaire – ducservice.) – C:Program Files (x86)No-IPducservice.exe
    ~ Services: 18 Legitimates Filtered in 00mn 05s

    —\ Tâches planifiées en automatique (O39)
    [MD5.D4F602B1F775B5827932D3C5B04A3FD2] [APT] [AutoKMS] (…) — C:WindowsAutoKMSAutoKMS.exe [3372032] =>Trojan.AutoKMS
    [MD5.AB6CE6F1827345453030E09533BD744B] [APT] [ASUS DIPAwayMode] (…) — C:Program Files (x86)ASUSAI Suite IIIDIP4DIPAwayModeDipAwayMode.exe [1218360]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1066]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1070]
    ~ Scheduled Task: 16 Legitimates Filtered in 00mn 01s

    —\ Pilotes lancés au démarrage du système (O41)
    O41 – Driver: (ndisrd) . (.NT Kernel Resources – NDISRD helper driver.) – C:WindowsSystem32DRIVERSndisrd.sys
    ~ Drivers: 87 Legitimates Filtered in 00mn 00s

    —\ Logiciels installés (O42)
    O42 – Logiciel: Le Chercheur de Mots 1.0.49 – (…) [HKLM][64Bits] — Le Chercheur de Mots_is1
    ~ Logic: 23 Legitimates Filtered in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKLMSoftwareRespawn]
    [HKLMSoftwareWow6432NodeRespawn]
    [HKLMSoftwarejumpshot.com]
    ~ Key Software: 259 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 09/04/2014 – 13:21:32 – [] —-D C:Program Files (x86)ImageWriter
    O43 – CFD: 10/03/2014 – 15:23:03 – [] —-D C:UsersClementAppDataRoamingcom.spiderneo.junglertimer
    O43 – CFD: 17/08/2014 – 15:23:42 – [0] —-D C:UsersClementAppDataRoamingStore =>PUP.Nosibay
    ~ Program Folder: 174 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.BABA8E4A8F084AA69862473513768F43] – 15/08/2014 – 01:37:47 —A- . (…) — C:WindowsDirectX.log [18549]
    O44 – LFC:[MD5.B6FC9B1B063F06015EA8888FE291B98E] – 17/08/2014 – 22:07:01 —A- . (…) — C:DelFix.txt [833]
    ~ Files: 91 Legitimates Filtered in 00mn 01s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{724d44d4-dba5-11e3-9f44-74d02b9f0221}AutoRuncommand. (…) — G:Startme.exe (.not file.)
    O51 – MPSK:{ba83cb47-a14d-11e3-a996-806e6f6e6963}AutoRuncommand. (…) — D:.BinASSETUP.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregNoIPDUCv4 [Key] . (.Pas de propriétaire – DUC40.) — C:Program Files (x86)No-IPDUC40.exe
    O53 – SMSR:HKLM…startupregOODefragTray [Key] . (…) — C:Program FilesOO SoftwareDefragoodtray.exe (.not file.)
    ~ SMSR Keys: 14 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “PromptOnSecureDesktop”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 18 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:23/07/2014 – 10:40:54 —A- . (…) — C:WindowsSystem32DriversaswHwid.sys [29208] =>.ALWIL Software
    O58 – SDL:23/07/2014 – 10:40:54 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65776] =>.ALWIL Software
    O58 – SDL:23/07/2014 – 10:40:55 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [224896] =>.ALWIL Software
    O58 – SDL:03/08/2012 – 10:36:52 —A- . (.Windows (R) Win 7 DDK provider – Synology Virtual USB Hub.) — C:WindowsSystem32Driversbusenum.sys [55776]
    O58 – SDL:14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:07/02/2013 – 09:31:14 R–A- . (.NT Kernel Resources – NDISRD helper driver.) — C:WindowsSystem32Driversndisrd.sys [32840]
    O58 – SDL:19/04/2013 – 03:56:48 —A- . (…) — C:WindowsSystem32Driversnvflash.sys [15648]
    O58 – SDL:14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    O58 – SDL:22/08/2013 – 13:40:24 —A- . (.The OpenVPN Project – TAP-Windows Virtual Network Driver.) — C:WindowsSystem32Driverstap0901.sys [40664]
    O58 – SDL:29/11/2013 – 09:31:28 —A- . (…) — C:WindowsSystem32ampa.sys [17008]
    O58 – SDL:21/08/2012 – 19:54:10 R–A- . (…) — C:WindowsSysWOW64driversAsIO.sys [15232]
    O58 – SDL:14/09/2012 – 03:06:23 R–A- . (…) — C:WindowsSysWOW64driversAsUpIO.sys [14464]
    O58 – SDL:02/04/2009 – 13:30:14 —A- . (…) — C:WindowsSysWOW64driversASUSHWIO.SYS [10296]
    O58 – SDL:29/11/2013 – 09:31:28 —A- . (…) — C:WindowsSysWOW64ampa.sys [17008]
    ~ Drivers: 93 Legitimates Filtered in 00mn 00s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 23/07/2014 – C:Windowssystem32driversaswHwid.sys (aswHwid) .(…) – LEGACY_ASWHWID
    ~ Legacy: 93 Legitimates Filtered in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    ~ Keys: Scanned in 00mn 00s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “{50E86DB5-872C-48A7-8ED7-31F6D6542D29}” | In – None – P6 – TRUE | .(.BitTorrent Inc. – µTorrent.) — F:Downloadstorrent_3-4-build-30635_fr_18245.exe =>P2P.BitTorrent
    O87 – FAEL: “{FAD57A23-6B11-4E3A-BF15-804B187825AB}” | In – None – P17 – TRUE | .(.BitTorrent Inc. – µTorrent.) — F:Downloadstorrent_3-4-build-30635_fr_18245.exe =>P2P.BitTorrent
    O87 – FAEL: “{AEEDCC9F-2ADC-4CA4-873A-C41FE8FA58D4}” | In – None – P6 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersClementAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O87 – FAEL: “{F2D83A52-5F3D-4695-A3BA-32E4EB1C18EE}” | In – None – P17 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersClementAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    ~ Firewall: 4 Legitimates Filtered in 00mn 00s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Disabled 02/03/2014 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Disabled 02/03/2014 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 02/01/2013 171632 | (ICCS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Integrated Clock Controller ServiceICCProxy.exe
    SS – | Demand 27/08/2013 828376 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) – C:Program FilesInteliCLS ClientSocketHeciServer.exe
    SS – | Demand 29/05/2014 543424 | (Steam Client Service) . (.Valve Corporation.) – C:Program Files (x86)Common FilesSteamSteamService.exe
    SR – | Auto 07/05/2013 936728 | (asComSvc) . (…) – C:Program Files (x86)ASUSAXSP1.01.02atkexComSvc.exe
    SR – | Auto 17/01/2012 55296 | (ASGT) . (…) – C:WindowsSysWOW64ASGT.exe
    SR – | Auto 07/05/2013 945152 | (asHmComSvc) . (.ASUSTeK Computer Inc..) – C:Program Files (x86)ASUSAAHM1.00.22aaHMSvc.exe
    SR – | Auto 09/05/2013 1639424 | (AsusFanControlService) . (.ASUSTeK Computer Inc..) – C:Program Files (x86)ASUSAsusFanControlService1.02.22AsusFanControlService.exe
    SR – | Auto 23/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    SR – | Auto 21/11/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program FilesIntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    SR – | Auto 27/08/2013 747520 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) – C:Program FilesInteliCLS ClientHeciServer.exe
    SR – | Auto 10/12/2013 169432 | (jhi_service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe
    SR – | Auto 10/12/2013 390616 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 24/02/2014 2818888 | (MaConfigAgent) . (.CybelSoft.) – C:Program Filesma-config.comMaConfigAgent.exe
    SR – | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe
    SR – | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe
    SR – | Auto 06/02/2014 10752 | (NoIPDUCService4) . (…) – C:Program Files (x86)No-IPducservice.exe
    SR – | Auto 25/07/2014 1720608 | (NvNetworkService) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe
    SR – | Auto 25/07/2014 18956064 | (NvStreamSvc) . (.NVIDIA Corporation.) – C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamsvc.exe
    SR – | Auto 02/07/2014 935368 | (nvsvc) . (.NVIDIA Corporation.) – C:Windowssystem32nvvsvc.exe
    SR – | Auto 02/07/2014 411936 | (Stereo Service) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe
    SR – | Auto 23/01/2014 248736 | (UsbClientService) . (…) – C:Program Files (x86)SynologyAssistantUsbClientService.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 03s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Run by Clement at 17/08/2014 23:09:43
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Clement at 17/08/2014 23:09:45
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13026 – (13/08/2014)
    Clés trouvées (Keys found) : 0
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 1
    Fichiers trouvés (Files found) : 1

    C:UsersClementAppDataRoamingStore =>PUP.Nosibay^
    C:WindowsAutoKMSAutoKMS.exe =>Trojan.AutoKMS^
    ~ Additionnel Scan: 196874 Items scanned in 00mn 09s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
    ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
    ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
    ~ AMI: 5 Legitimates Filtered in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.fr/trojan-autokms =>Trojan.AutoKMS
    ~ MSI: 1 link(s) detected in 00mn 00s

    ~ 892 Legitimates filtered by white list
    End of the scan (447 lines in 01mn 09s)(0)[/spoiler:32wn5z6t]

    MalwareBytes
    [spoiler:32wn5z6t]Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Date de l'examen: 17/08/2014
    Heure de l'examen: 22:58:31
    Fichier journal: mbam.txt
    Administrateur: Oui

    Version: 2.00.2.1012
    Base de données Malveillants: v2014.08.17.05
    Base de données Rootkits: v2014.08.16.01
    Licence: Premium
    Protection contre les malveillants: Activé(e)
    Protection contre les sites Web malveillants: Activé(e)
    Self-protection: Désactivé(e)

    Système d'exploitation: Windows 7 Service Pack 1
    Processeur: x64
    Système de fichiers: NTFS
    Utilisateur: Clement

    Type d'examen: Examen “Menaces”
    Résultat: Terminé
    Objets analysés: 290439
    Temps écoulé: 2 min, 57 sec

    Mémoire: Activé(e)
    Démarrage: Activé(e)
    Système de fichiers: Activé(e)
    Archives: Activé(e)
    Rootkits: Activé(e)
    Heuristics: Activé(e)
    PUP: Activé(e)
    PUM: Activé(e)

    Processus: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Clés du Registre: 0
    (No malicious items detected)

    Valeurs du Registre: 0
    (No malicious items detected)

    Données du Registre: 0
    (No malicious items detected)

    Dossiers: 0
    (No malicious items detected)

    Fichiers: 1
    PUP.Optional.IStartSurf.A, C:UsersClementAppDataLocalGoogleChromeUser DataDefaultPreferences, Bon: (), Mauvais: ( “startup_urls”: [ “https://www.google.fr/”, “http://www.google.com”, “http://www.istartsurf.com/?type=hp&ts=1408281240&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K”, “http://www.istartsurf.com/?type=hp&ts=1408281398&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K” ],), ,[83c4bd0aaecdbc7ac92880838d78e818]

    Secteurs physiques: 0
    (No malicious items detected)

    (end)[/spoiler:32wn5z6t]

  • buckhulk
    Participant
    Posts: 2391

    Quick reply, but not the right one 😀

    You must not have run Delfix as requested!

    Your version: Rapport de ZHPDiag v2014.8.13.118 – Nicolas Coolman (13/08/2014)

    Download ZHPDiag again, new version: 2014.8.16.119

  • klem1
    Participant
    Posts: 25

    Delfix
    [spoiler:1sk6pv8j]# DelFix v10.8 – Rapport créé le 17/08/2014 à 23:27:12
    # Mis à jour le 29/07/2014 par Xplode
    # Nom d'utilisateur : Clement – CLEMENT-PC
    # Système d'exploitation : Windows 7 Professional Service Pack 1 (64 bits)

    ~ Suppression des outils de désinfection …

    Supprimé : C:UsersClementAppDataRoamingZHP
    Supprimé : C:ProgramDataMicrosoftWindowsStart MenuProgramsZHP
    Supprimé : C:Program Files (x86)ZHPDiag
    Supprimé : C:PhysicalDisk0_MBR.bin
    Supprimé : C:UsersClementDesktopZHPDiag.lnk
    Supprimé : C:UsersClementDesktopZHPDiag.txt
    Supprimé : C:UsersClementDesktopZHPFix.lnk
    Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallZHPDiag_is1

    ########## – EOF – ##########[/spoiler:1sk6pv8j]

    ZHPDiag
    [spoiler:1sk6pv8j]~ Rapport de ZHPDiag v2014.8.16.119 – Nicolas Coolman (16/08/2014)
    ~ Lancé par Clement (17/08/2014 23:28:03)
    ~ Adresse du Site Web http://nicolascoolman.fr
    ~ Adresse du Forum http://forum.nicolascoolman.fr
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Version à jour.
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.17207
    GCIE: Google Chrome v36.0.1985.125 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Windows(R) 7, VOLUME_KMSCLIENT channel
    Windows ID Activation : OK
    ~ Windows Partial Key : GPDD4
    Windows License : OK
    ~ Windows Remaining Initializations Number : 1
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    avast! Free Antivirus v9.0.2021
    Malwarebytes Anti-Malware version 2.0.2.1012
    Windows Defender W7 (Activate)

    —\ Logiciels d'optimisation du système
    CCleaner v4.12

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Java 7 Update 55

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 8130 MB (69% free)
    System Restore: Activé (Enable)
    System drive C: has 42 GB (39%) free of 107 GB

    —\ Mode de connexion au système
    ~ Computer Name: CLEMENT-PC
    ~ User Name: Clement
    ~ All Users Names: Clement, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersClementAppDataRoamingZHP
    ~ %AppData% : C:UsersClementAppDataRoaming
    ~ %Desktop% : C:UsersClementDesktop
    ~ %Favorites% : C:UsersClementFavorites
    ~ %LocalAppData% : C:UsersClementAppDataLocal
    ~ %StartMenu% : C:UsersClementAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 42 Go of 107 Go)
    D: CD-ROM drive (Not Inserted)
    E: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
    F: Hard drive, Flash drive, Thumb drive (Free 519 Go of 977 Go)
    J: Hard drive, Flash drive, Thumb drive (Free 302 Go of 443 Go)
    P: Hard drive, Flash drive, Thumb drive (Free 419 Go of 443 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyGames: Modified
    ~ Security Center: 49 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.18/06/2014 – 23:58:27.) — C:WindowsSystem32wininet.dll [2266112]
    [MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.04/03/2014 – 10:43:50.) — C:WindowsSystem32Winlogon.exe [455168]
    [MD5.BC204AB3FBC84E419DBC486E3CC5CE94] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 14:27:26.) — C:WindowsSystem32sppcomapi.dll [231936]
    [MD5.FA886682CFC5D36718D3E436AACF10B9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.30/05/2014 – 07:45:52.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:21.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:32.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:43.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:20.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.24/01/2014 – 03:37:55.) — C:Windowssystem32Driversntfs.sys [1684928]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:35.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.1B6163C503398B23FF8B939C67747683] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.20/11/2010 – 12:06:41.) — C:Windowssystem32Driversrdpdr.sys [165888]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:56.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.DF8126BD41180351A093A3AD2FC8903B] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.25/02/2011 – 07:25:38.) — C:Windowssystem32Driversvolsnap.sys [296320]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes Favoris (My Favorites) : 1/24
    ~ Mes Documents (My Documents) : 2/36
    ~ Mon Bureau (My Desktop) : 1/38
    ~ Menu demarrer (Programs) : 1/40
    ~ Hidden Files: Scanned in 00mn 00s

    —\ Processus lancés
    [MD5.AB6CE6F1827345453030E09533BD744B] – (…) — C:Program Files (x86)ASUSAI Suite IIIDIP4DIPAwayModeDipAwayMode.exe [1218360] [PID.2096]
    [MD5.94626EA1B95A54444B950759BE5679E7] – (.ASUSTeK Computer Inc. – Pas de description.) — C:Program Files (x86)ASUSAI Suite IIIAISuite3.exe [1389368] [PID.2104]
    [MD5.4FBC630768570E6AC35C3DE8F6EC79F5] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembam.exe [6970168] [PID.2588]
    [MD5.C56AEF21A76A6E2BB36A384B2C96389F] – (.NVIDIA Corporation – NVIDIA GeForce Experience Backend.) — C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe [2403104] [PID.4560]
    [MD5.ADDF1D80161DA7C5FB9D725EED986655] – (…) — C:Program Files (x86)ASUSAI Suite IIIDIP4DIPAwayModeEPUShortCut.exe [1221432] [PID.4988]
    [MD5.B43E68B8A022FB00FF54360D408E871B] – (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe [860488] [PID.5500]
    [MD5.AAA77701508F8AD3585461E67BE40AF2] – (.Samsung Electronics. – Samsung Magician Application.) — P:Program Files (x86)Samsung MagicianSamsung Magician.exe [4737440] [PID.5936]
    [MD5.26B558B2D31C7425B455B00E562EAD93] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastavastui.exe [4085896] [PID.5996]
    [MD5.6F815EE8023E715353C4D9F88F75D2B6] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8092160] [PID.3368]
    [MD5.D2230317777033CD0456990BFC4994E5] – (.NVIDIA Corporation – Stereo Vision Control Panel API Server.) — C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe [411936] [PID.1016]
    [MD5.73F5C13B431915BAE35254B4E95DFB71] – (.AVAST Software – avast! Service.) — C:Program FilesAVAST SoftwareAvastAvastSvc.exe [50344] [PID.1516]
    [MD5.BBF8F831C7720DD5135D8C4C8325187A] – (…) — C:Program Files (x86)ASUSAXSP1.01.02atkexComSvc.exe [936728] [PID.1432]
    [MD5.E536856E96A7605EBF580D62A868E5FE] – (…) — C:WindowsSysWOW64ASGT.exe [55296] [PID.2228]
    [MD5.893481D570E97CED36EC7EBD56ADBF24] – (.ASUSTeK Computer Inc. – Pas de description.) — C:Program Files (x86)ASUSAAHM1.00.22aaHMSvc.exe [945152] [PID.2248]
    [MD5.7683F046E48265C83E40EB3D4492E78E] – (.ASUSTeK Computer Inc. – ASUS Motherboard Fan Control Service.) — C:Program Files (x86)ASUSAsusFanControlService1.02.22AsusFanControlService.exe [1639424] [PID.2284]
    [MD5.D84AEA3F3329D622DFC1297DDDF6163B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe [1809720] [PID.2868]
    [MD5.4F45ED469906494F9BF754E476390DBD] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe [860472] [PID.2532]
    [MD5.D0F743BD1F8E402E4A52D83574828AC2] – (.Pas de propriétaire – ducservice.) — C:Program Files (x86)No-IPducservice.exe [10752] [PID.2776]
    [MD5.D6310F79E51D1F997E964E81DD368AEA] – (.NVIDIA Corporation – NVIDIA Network Service.) — C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe [1720608] [PID.2384]
    [MD5.635686E528F2C9CB916EC1BB04EE6AD1] – (…) — C:Program Files (x86)SynologyAssistantUsbClientService.exe [248736] [PID.3092]
    [MD5.6241810294275CEA59EBA9733080E5EE] – (.Intel Corporation – IAStorDataSvc.) — C:Program FilesIntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe [15720] [PID.5424]
    [MD5.52069AEB42D3D0F97CBCA1085EBF55E6] – (.Intel Corporation – Intel(R) Dynamic Application Loader Host In.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe [169432] [PID.6564]
    [MD5.8939CBB2526CB87C476DB9ABBF243AE0] – (.Intel Corporation – Intel(R) Local Management Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe [390616] [PID.5708]
    ~ Processes Running: Scanned in 00mn 00s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersClementAppDataLocalGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
    G2 – GCE: Preference [User DataDefault] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [onhbegdkgonhlokobjefolhpoidcnida] Synology Download Station v.2.1.7, (Activé)
    G2 – GCE: Preference [User DataDefault] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

    —\ Liste des dossiers d'extension Google Chrome
    ~ Google Lines Browser: 24 Legitimates Filtered in 00mn 05s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    R5 – HKLMSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hôte est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: (no name) – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
    O3 – Toolbar: (no name) – [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [ProfilerU] . (.Saitek – Saitek SST Profile Launcher.) — C:Program FilesSaitekSD6SoftwareProfilerU.exe
    O4 – HKLM..Run: [NvBackend] . (.NVIDIA Corporation – NVIDIA GeForce Experience Backend.) — C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe
    O4 – HKLM..Run: [ShadowPlay] . (.NVIDIA Corporation – NVIDIA Capture Server Proxy.) — C:Windowssystem32nvspcap64.dll
    O4 – HKCU..Run: [GoogleChromeAutoLaunch_9E929130E8EBB2E1654F3E39F9DE2EFB] . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – HKLM..Wow6432NodeRun: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUS.DEFAULT..RunOnce: [SPReview] . (.Microsoft Corporation – SP Reviewer.) — C:WindowsSystem32SPReviewSPReview.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-18..RunOnce: [SPReview] . (.Microsoft Corporation – SP Reviewer.) — C:WindowsSystem32SPReviewSPReview.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-825608802-4289994647-314183835-1000..Run: [GoogleChromeAutoLaunch_9E929130E8EBB2E1654F3E39F9DE2EFB] . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    ~ Application: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
    O17 – HKLMSystemCCSServicesTcpip..{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
    O17 – HKLMSystemCS1ServicesTcpip..{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
    O17 – HKLMSystemCS1ServicesTcpip..{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
    O17 – HKLMSystemCS2ServicesTcpip..{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
    O17 – HKLMSystemCS2ServicesTcpip..{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 212.27.40.241 212.27.40.240
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: text/xml [64Bits] – {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE15MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: ASGT (ASGT) . (…) – C:WindowsSysWOW64ASGT.exe
    O23 – Service: NO-IP DUC v4 (NoIPDUCService4) . (.Pas de propriétaire – ducservice.) – C:Program Files (x86)No-IPducservice.exe
    ~ Services: 18 Legitimates Filtered in 00mn 05s

    —\ Tâches planifiées en automatique (O39)
    [MD5.D4F602B1F775B5827932D3C5B04A3FD2] [APT] [AutoKMS] (…) — C:WindowsAutoKMSAutoKMS.exe [3372032] =>Trojan.AutoKMS
    [MD5.AB6CE6F1827345453030E09533BD744B] [APT] [ASUS DIPAwayMode] (…) — C:Program Files (x86)ASUSAI Suite IIIDIP4DIPAwayModeDipAwayMode.exe [1218360]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1066]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1070]
    ~ Scheduled Task: 16 Legitimates Filtered in 00mn 01s

    —\ Pilotes lancés au démarrage du système (O41)
    O41 – Driver: (ndisrd) . (.NT Kernel Resources – NDISRD helper driver.) – C:WindowsSystem32DRIVERSndisrd.sys
    ~ Drivers: 87 Legitimates Filtered in 00mn 00s

    —\ Logiciels installés (O42)
    O42 – Logiciel: Le Chercheur de Mots 1.0.49 – (…) [HKLM][64Bits] — Le Chercheur de Mots_is1
    ~ Logic: 23 Legitimates Filtered in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKLMSoftwareRespawn]
    [HKLMSoftwareWow6432NodeRespawn]
    [HKLMSoftwarejumpshot.com]
    ~ Key Software: 259 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 09/04/2014 – 13:21:32 – [] —-D C:Program Files (x86)ImageWriter
    O43 – CFD: 10/03/2014 – 15:23:03 – [] —-D C:UsersClementAppDataRoamingcom.spiderneo.junglertimer
    O43 – CFD: 17/08/2014 – 15:23:42 – [0] —-D C:UsersClementAppDataRoamingStore =>PUP.Nosibay
    ~ Program Folder: 174 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.BABA8E4A8F084AA69862473513768F43] – 15/08/2014 – 01:37:47 —A- . (…) — C:WindowsDirectX.log [18549]
    O44 – LFC:[MD5.015DABC37D498783F67BF2D830B8B713] – 17/08/2014 – 22:27:12 —A- . (…) — C:DelFix.txt [724]
    ~ Files: 91 Legitimates Filtered in 00mn 00s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{724d44d4-dba5-11e3-9f44-74d02b9f0221}AutoRuncommand. (…) — G:Startme.exe (.not file.)
    O51 – MPSK:{ba83cb47-a14d-11e3-a996-806e6f6e6963}AutoRuncommand. (…) — D:.BinASSETUP.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregNoIPDUCv4 [Key] . (.Pas de propriétaire – DUC40.) — C:Program Files (x86)No-IPDUC40.exe
    O53 – SMSR:HKLM…startupregOODefragTray [Key] . (…) — C:Program FilesOO SoftwareDefragoodtray.exe (.not file.)
    ~ SMSR Keys: 14 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “PromptOnSecureDesktop”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 18 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:23/07/2014 – 10:40:54 —A- . (…) — C:WindowsSystem32DriversaswHwid.sys [29208] =>.ALWIL Software
    O58 – SDL:23/07/2014 – 10:40:54 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65776] =>.ALWIL Software
    O58 – SDL:23/07/2014 – 10:40:55 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [224896] =>.ALWIL Software
    O58 – SDL:03/08/2012 – 10:36:52 —A- . (.Windows (R) Win 7 DDK provider – Synology Virtual USB Hub.) — C:WindowsSystem32Driversbusenum.sys [55776]
    O58 – SDL:14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:07/02/2013 – 09:31:14 R–A- . (.NT Kernel Resources – NDISRD helper driver.) — C:WindowsSystem32Driversndisrd.sys [32840]
    O58 – SDL:19/04/2013 – 03:56:48 —A- . (…) — C:WindowsSystem32Driversnvflash.sys [15648]
    O58 – SDL:14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    O58 – SDL:22/08/2013 – 13:40:24 —A- . (.The OpenVPN Project – TAP-Windows Virtual Network Driver.) — C:WindowsSystem32Driverstap0901.sys [40664]
    O58 – SDL:29/11/2013 – 09:31:28 —A- . (…) — C:WindowsSystem32ampa.sys [17008]
    O58 – SDL:21/08/2012 – 19:54:10 R–A- . (…) — C:WindowsSysWOW64driversAsIO.sys [15232]
    O58 – SDL:14/09/2012 – 03:06:23 R–A- . (…) — C:WindowsSysWOW64driversAsUpIO.sys [14464]
    O58 – SDL:02/04/2009 – 13:30:14 —A- . (…) — C:WindowsSysWOW64driversASUSHWIO.SYS [10296]
    O58 – SDL:29/11/2013 – 09:31:28 —A- . (…) — C:WindowsSysWOW64ampa.sys [17008]
    ~ Drivers: 93 Legitimates Filtered in 00mn 00s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 23/07/2014 – C:Windowssystem32driversaswHwid.sys (aswHwid) .(…) – LEGACY_ASWHWID
    ~ Legacy: 93 Legitimates Filtered in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    ~ Keys: Scanned in 00mn 00s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “{50E86DB5-872C-48A7-8ED7-31F6D6542D29}” | In – None – P6 – TRUE | .(.BitTorrent Inc. – µTorrent.) — F:Downloadstorrent_3-4-build-30635_fr_18245.exe =>P2P.BitTorrent
    O87 – FAEL: “{FAD57A23-6B11-4E3A-BF15-804B187825AB}” | In – None – P17 – TRUE | .(.BitTorrent Inc. – µTorrent.) — F:Downloadstorrent_3-4-build-30635_fr_18245.exe =>P2P.BitTorrent
    O87 – FAEL: “{AEEDCC9F-2ADC-4CA4-873A-C41FE8FA58D4}” | In – None – P6 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersClementAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O87 – FAEL: “{F2D83A52-5F3D-4695-A3BA-32E4EB1C18EE}” | In – None – P17 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersClementAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    ~ Firewall: 4 Legitimates Filtered in 00mn 00s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Disabled 02/03/2014 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Disabled 02/03/2014 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 02/01/2013 171632 | (ICCS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Integrated Clock Controller ServiceICCProxy.exe
    SS – | Demand 27/08/2013 828376 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) – C:Program FilesInteliCLS ClientSocketHeciServer.exe
    SS – | Demand 29/05/2014 543424 | (Steam Client Service) . (.Valve Corporation.) – C:Program Files (x86)Common FilesSteamSteamService.exe
    SR – | Auto 07/05/2013 936728 | (asComSvc) . (…) – C:Program Files (x86)ASUSAXSP1.01.02atkexComSvc.exe
    SR – | Auto 17/01/2012 55296 | (ASGT) . (…) – C:WindowsSysWOW64ASGT.exe
    SR – | Auto 07/05/2013 945152 | (asHmComSvc) . (.ASUSTeK Computer Inc..) – C:Program Files (x86)ASUSAAHM1.00.22aaHMSvc.exe
    SR – | Auto 09/05/2013 1639424 | (AsusFanControlService) . (.ASUSTeK Computer Inc..) – C:Program Files (x86)ASUSAsusFanControlService1.02.22AsusFanControlService.exe
    SR – | Auto 23/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    SR – | Auto 21/11/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program FilesIntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    SR – | Auto 27/08/2013 747520 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) – C:Program FilesInteliCLS ClientHeciServer.exe
    SR – | Auto 10/12/2013 169432 | (jhi_service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe
    SR – | Auto 10/12/2013 390616 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 24/02/2014 2818888 | (MaConfigAgent) . (.CybelSoft.) – C:Program Filesma-config.comMaConfigAgent.exe
    SR – | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe
    SR – | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe
    SR – | Auto 06/02/2014 10752 | (NoIPDUCService4) . (…) – C:Program Files (x86)No-IPducservice.exe
    SR – | Auto 25/07/2014 1720608 | (NvNetworkService) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe
    SR – | Auto 25/07/2014 18956064 | (NvStreamSvc) . (.NVIDIA Corporation.) – C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamsvc.exe
    SR – | Auto 02/07/2014 935368 | (nvsvc) . (.NVIDIA Corporation.) – C:Windowssystem32nvvsvc.exe
    SR – | Auto 02/07/2014 411936 | (Stereo Service) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe
    SR – | Auto 23/01/2014 248736 | (UsbClientService) . (…) – C:Program Files (x86)SynologyAssistantUsbClientService.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 03s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Run by Clement at 17/08/2014 23:28:51
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Clement at 17/08/2014 23:28:53
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13026 – (16/08/2014)
    Clés trouvées (Keys found) : 0
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 1
    Fichiers trouvés (Files found) : 1

    C:UsersClementAppDataRoamingStore =>PUP.Nosibay^
    C:WindowsAutoKMSAutoKMS.exe =>Trojan.AutoKMS^
    ~ Additionnel Scan: 196869 Items scanned in 00mn 09s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
    ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
    ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
    ~ AMI: 5 Legitimates Filtered in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.fr/trojan-autokms =>Trojan.AutoKMS
    ~ MSI: 1 link(s) detected in 00mn 00s

    ~ 892 Legitimates filtered by white list
    End of the scan (447 lines in 00mn 59s)(0)[/spoiler:1sk6pv8j]

  • buckhulk
    Participant
    Number of posts: 2391

    really fast….

    Start by running USBFix, then AdsFix, and then do another ZHPDiag for me afterwards, please :merci2:

    1. Download USBFix (by El Desaparecido) to your Desktop!
    2. Connect all your external data sources to your PC (USB stick, external hard drive, etc.) without opening them.
    3. Right-click on it and run as administrator on Windows 7/8 and Vista
    4. Choose the Nettoyage (Clean) option

    5. Copy and paste the contents of the report that appears at the end of the scan into your reply

    ______________________________________________________________
    AdsFix

    Important: Disable your antivirus, otherwise the tool will not be able to work properly.

    Download AdsFix HERE to your desktop.

    Note: Save your work before continuing!

    – Launch AdsFix,
    – Enter your country,
    – Click Nettoyer (Clean)

    Note: Wait while the scan runs

    – Let the tool work even if it seems stuck to you
    – If the tool detects a proxy you don't recognize, click: “Supprimer le proxy” (Delete the proxy)
    – Upload the report C:AdsFix_date_heure.txt to SOSUpload, then post the link you get.

    AdsFix tutorial

    3 reports in your next message, please! :merci2:

  • klem1
    Participant
    Number of posts: 25

    USB FIX
    [spoiler:1rdbvswj]############################## | UsbFix V 7.178 | [Nettoyage]

    Utilisateur: Clement (Administrateur) # CLEMENT-PC
    Mis à jour le 08/08/2014 par El Desaparecido – SosVirus
    Lancé à 23:47:26 | 17/08/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : https://www.sosvirus.net/aide-nettoyage-pc/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    ################## | System information |

    MB: ASUSTeK COMPUTER INC. (Z87-C)
    CPU: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
    GC: NVIDIA GeForce GTX 770
    RAM -> [Total : 8130 Mo | Free : 5691 Mo]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Professional (6.1.7601 64-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428
    WB: Google Chrome : 36.0.1985.125

    ################## | Security Information |

    AV: avast! Antivirus [(!) Désactivé |A jour]
    AS: Windows Defender [Actif |(!) Non à jour]
    AS: avast! Antivirus [(!) Désactivé |A jour]
    AS: Malwarebytes Anti-Malware : 2.0.2.1012
    FW: Windows Firewall [Actif]
    SC: Security Center [Actif]
    WU: Windows Update [Actif]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Disque fixe # 107 Go (42 Go libre(s) – 39%) [SSD] # NTFS
    E: -> Disque fixe # 100 Mo (66 Mo libre(s) – 66%) [Réservé au système] # NTFS
    F: -> Disque fixe # 977 Go (519 Go libre(s) – 53%) [Bibliothèques] # NTFS
    J: -> Disque fixe # 443 Go (302 Go libre(s) – 68%) [Jeux] # NTFS
    P: -> Disque fixe # 443 Go (419 Go libre(s) – 94%) [Programme] # NTFS

    ################## | Autorun |

    ################## | Recherche générique |

    (!) Fichiers temporaires supprimés. (24.0152387619019 MB)

    ################## | Registre |

    Supprimé! [x64] HKLMSoftwareMicrosoftShared ToolsMSConfigstartupregMsn

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] userinit.exe,
    F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [GoogleChromeAutoLaunch_9E929130E8EBB2E1654F3E39F9DE2EFB] “C:Program Files (x86)GoogleChromeApplicationchrome.exe” –no-startup-window
    04 – HKLM..Run : [AvastUI.exe] “C:Program FilesAVAST SoftwareAvastAvastUI.exe” /nogui
    04 – [x64] HKLM..Run : [ProfilerU] C:Program FilesSaitekSD6SoftwareProfilerU.exe
    04 – [x64] HKLM..Run : [NvBackend] “C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe”
    04 – [x64] HKLM..Run : [ShadowPlay] C:Windowssystem32rundll32.exe C:Windowssystem32nvspcap64.dll,ShadowPlayOnSystemStart
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-825608802-4289994647-314183835-1000..Run : [GoogleChromeAutoLaunch_9E929130E8EBB2E1654F3E39F9DE2EFB] “C:Program Files (x86)GoogleChromeApplicationchrome.exe” –no-startup-window
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-18..RunOnce : [SPReview] “C:WindowsSystem32SPReviewSPReview.exe” /sp:1 /errorfwlink:”http://go.microsoft.com/fwlink/?LinkID=122915″ /build:7601

    ################## | UsbFix – Information |

    Info : Comment supprimer l'infection des raccourcis sur USB ? (Video)
    Info : L'infection des raccourcis USB, c'est quoi ?

    ################## | Hijack |

    ################## | C: %SystemDrive% – Disque Fixe (NTFS) |

    [17/08/2014 – 23:27:12 | A | 1 Ko] – C:DelFix.txt
    [17/08/2014 – 23:04:39 | ASH | 6243848 Ko] – C:hiberfil.sys
    [17/08/2014 – 23:04:39 | ASH | 8325132 Ko] – C:pagefile.sys
    [17/08/2014 – 20:59:00 | D] – C:Config.Msi
    [01/03/2014 – 16:42:55 | A | 2 Ko] – C:RHDSetup.log
    [17/07/2014 – 22:14:30 | A | 0 Ko] – C:setup.log
    [01/03/2014 – 16:30:55 | SHD] – C:$Recycle.Bin
    [18/04/2014 – 16:27:17 | N | 1 Ko] – C:AMTAG.BIN
    [17/08/2014 – 23:28:51 | A | 1 Ko] – C:PhysicalDisk0_MBR.bin
    [14/07/2009 – 05:20:08 | D] – C:PerfLogs
    [14/07/2009 – 07:08:56 | SHD] – C:Documents and Settings
    [01/03/2014 – 16:30:51 | SHD] – C:Recovery
    [01/03/2014 – 16:30:52 | RD] – C:Users
    [01/03/2014 – 16:41:03 | D] – C:Intel
    [01/03/2014 – 20:42:29 | D] – C:Données EuroSoft Software Development
    [02/03/2014 – 20:23:02 | RHD] – C:MSOCache
    [15/04/2014 – 13:07:51 | D] – C:RegBackup
    [18/04/2014 – 15:19:31 | D] – C:88625521814
    [10/05/2014 – 16:24:52 | D] – C:JEUX SSD
    [06/08/2014 – 00:02:05 | D] – C:Temp
    [17/08/2014 – 22:37:15 | D] – C:NVIDIA
    [17/08/2014 – 22:37:20 | D] – C:Program Files
    [17/08/2014 – 22:37:20 | HD] – C:ProgramData
    [17/08/2014 – 22:37:55 | SHD] – C:System Volume Information
    [17/08/2014 – 22:37:58 | D] – C:Windows
    [17/08/2014 – 23:27:52 | RD] – C:Program Files (x86)
    [17/08/2014 – 23:46:59 | D] – C:UsbFix

    ################## | E: – Disque Fixe (NTFS) |

    [01/03/2014 – 16:35:16 | SHD] – E:$RECYCLE.BIN
    [01/01/2009 – 01:47:13 | RASH | 8 Ko] – E:BOOTSECT.BAK
    [20/11/2010 – 14:40:07 | RASH | 375 Ko] – E:bootmgr
    [19/01/2014 – 17:24:59 | SHD] – E:Boot
    [17/08/2014 – 21:28:37 | SHD] – E:System Volume Information

    ################## | F: – Disque Fixe (NTFS) |

    [01/08/2014 – 23:23:09 | D] – F:msdownld.tmp
    [02/03/2014 – 18:55:11 | SHD] – F:$RECYCLE.BIN
    [18/04/2014 – 12:20:18 | D] – F:nas
    [19/04/2014 – 18:11:00 | D] – F:Sauvegarde
    [26/04/2014 – 16:50:31 | D] – F:FFOutput
    [06/06/2014 – 18:10:48 | RD] – F:Documents
    [25/07/2014 – 16:54:23 | D] – F:Vidéos
    [03/08/2014 – 13:13:54 | RD] – F:Pictures
    [03/08/2014 – 13:17:15 | RD] – F:Videos
    [17/08/2014 – 15:11:24 | RD] – F:Music
    [17/08/2014 – 21:28:37 | SHD] – F:System Volume Information
    [17/08/2014 – 23:46:44 | RD] – F:Downloads

    ################## | J: – Disque Fixe (NTFS) |

    [15/08/2014 – 01:25:06 | D] – J:Battle.net
    [02/03/2014 – 18:10:40 | SHD] – J:$RECYCLE.BIN
    [18/03/2014 – 21:24:18 | D] – J:Program Files (x86)
    [18/03/2014 – 21:25:52 | D] – J:titanfall
    [22/03/2014 – 22:36:01 | D] – J:UT2003
    [26/06/2014 – 18:16:20 | D] – J:Steam
    [15/08/2014 – 12:01:10 | D] – J:Origin
    [16/08/2014 – 03:05:53 | D] – J:Diablo III
    [17/08/2014 – 15:42:25 | D] – J:NEED FOR SPEED CARBON
    [17/08/2014 – 21:28:37 | SHD] – J:System Volume Information

    ################## | P: – Disque Fixe (NTFS) |

    [03/04/2014 – 13:42:30 | A | 2 Ko] – P:License.txt
    [04/04/2014 – 22:03:00 | A | 4 Ko] – P:Version.txt
    [30/05/2014 – 18:12:01 | A | 2 Ko] – P:mp3DirectCut.ini
    [02/04/2014 – 14:35:08 | A | 16 Ko] – P:FAQ.htm
    [04/04/2014 – 16:45:06 | A | 29 Ko] – P:Manual.htm
    [04/04/2014 – 20:42:54 | A | 132 Ko] – P:mp3DirectCut.exe
    [02/03/2014 – 17:40:32 | SHD] – P:$RECYCLE.BIN
    [26/04/2014 – 16:54:32 | D] – P:Cheat Engine 6.3
    [16/08/2014 – 20:10:59 | D] – P:newshosting-1.6.1
    [02/03/2014 – 20:27:02 | RD] – P:Program Files
    [26/04/2014 – 14:24:49 | D] – P:FormatFactory
    [07/05/2014 – 14:59:48 | D] – P:Le Chercheur de Mots
    [30/05/2014 – 17:58:04 | D] – P:Languages
    [07/06/2014 – 19:00:26 | D] – P:CDBurnerXP
    [01/08/2014 – 23:23:14 | D] – P:OCCTPT
    [12/08/2014 – 17:34:11 | D] – P:Toolbox
    [17/08/2014 – 15:29:47 | D] – P:DAEMON Tools Lite
    [17/08/2014 – 20:36:25 | RD] – P:Program Files (x86)
    [17/08/2014 – 20:57:55 | D] – P:Antimalware Engine
    [17/08/2014 – 21:28:37 | SHD] – P:System Volume Information

    ################## | Vaccin |

    C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    E:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    J:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    P:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.usbfix.net/ |[/spoiler:1rdbvswj]

    AdsFix
    [spoiler:1rdbvswj]¤¤¤¤¤¤¤¤¤¤ | AdsFix | g3n-h@ckm@n | 17.08.2014.8

    ¤¤¤¤¤ Vista | 7 | 8 | 8.1 – 32/64 bits ¤¤¤¤¤ – Start 23:49:12 – 17/08/2014

    Mis à jour le : 17/08/2014 | 23.30 par g3n-h@ckm@n
    Contact : https://www.sosvirus.net
    Assistance : forum-virus-securite.html
    Feedbacks : feedbacks-t75915.html
    Boot: Normal boot
    [Clement (Administrator)] – [CLEMENT-PC] – (France [040C])
    SID = S-1-5-21-825608802-4289994647-314183835-1000 || [436C656D656E74]
    PC : ASUSTeK COMPUTER INC. – Z87-C – All
    Bios : American Megatrends Inc. – 05/17/2013
    Système : Windows 7 Professional (64 bits) Professional Service Pack 1
    Mémoire RAM = Total (MB) : 8325 | Libre (MB) : 6271
    Pagefile = Total (MB) : 16648 | Libre (MB) : 14406
    Virtuelle = Total (MB) : 4194 | Libre (MB) : 4004

    Registre sauvegardé , pour restaurer : Cliquer sur Options & Restaurer le registre
    Restauration de fichiers ou dossiers supprimés par erreur : Cliquer sur Options & Restaurer Fichiers ou dossiers, Sélectionner un élément >> “Restaurer”

    ¤¤¤¤¤¤¤¤¤¤ | Mises à jour Windows

    Aucune mise à jour détectée !!!

    ¤¤¤¤¤¤¤¤¤¤ | Navigateurs

    IE : 11.0.9600.17207 (© Microsoft Corporation. Tous droits réservés.)
    GC : 36.0.1985.125 (Copyright 2012 Google Inc. All rights reserved.)

    ¤¤¤¤¤¤¤¤¤¤ | Security (atcav : 5)

    AM : Malwarebytes' Anti-Malware (1.0.0.532) [2014.08.17.05]
    FW :
    WMI : OK
    WU: Windows Update Service [Auto(2)] = Arrêté
    AS: Windows Defender [Auto(2)] = Arrêté
    FW: Windows FireWall Service [Auto(2)] = Arrêté

    ¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

    ¤¤¤¤¤¤¤¤¤¤ | Processus tués

    5596 | [Owner : Clement |Parent : 856] – (.Microsoft Corporation – Sink to receive asynchronous callbacks for WMI client application.) – (6.1.7600.16385) = C:WindowsSystem32wbemunsecapp.exe
    3392 | [Owner : SERVICE LOCAL |Parent : 1056] – (.Microsoft Corporation – Windows Driver Foundation – Processus hôte de l’infrastructure de pilotes en mode utilisateur.) – (6.2.9200.16384) = C:WindowsSystem32WUDFHost.exe
    2508 | [Owner : Clement |Parent : 856] – (.Microsoft Corporation – Processus hôte Windows (Rundll32).) – (6.1.7600.16385) = C:WindowsSystem32rundll32.exe
    6796 | [Owner : Système |Parent : 736] – (.Intel(R) Corporation – Intel(R) Capability Licensing Service Interface.) – (1.31.8.1) = C:Program FilesInteliCLS ClientHeciServer.exe
    2888 | [Owner : Système |Parent : 736] – (. – .) – (0.0.0.0) = C:Program Files (x86)SynologyAssistantUsbClientService.exe
    4572 | [Owner : SERVICE RÉSEAU |Parent : 940] – (.Microsoft Corporation – Microsoft Malware Protection Command Line Utility.) – (6.1.7600.16385) = C:Program FilesWindows DefenderMpCmdRun.exe
    6548 | [Owner : Clement |Parent : 856] – (.Microsoft Corporation – Processus hôte Windows (Rundll32).) – (6.1.7600.16385) = C:WindowsSystem32rundll32.exe
    2864 | [Owner : Système |Parent : 736] – (.Microsoft Corporation – Indexeur Microsoft Windows Search.) – (7.0.7601.17610) = C:WindowsSystem32SearchIndexer.exe
    2364 | [Owner : Clement |Parent : 3556] – (.Microsoft Corporation – Explorateur Windows.) – (6.1.7601.17567) = C:Windowsexplorer.exe
    5824 | [Owner : Système |Parent : 2864] – (.Microsoft Corporation – Microsoft Windows Search Protocol Host.) – (7.0.7601.17610) = C:WindowsSystem32SearchProtocolHost.exe
    4720 | [Owner : Système |Parent : 2864] – (.Microsoft Corporation – Microsoft Windows Search Filter Host.) – (7.0.7601.17610) = C:WindowsSystem32SearchFilterHost.exe
    7064 | [Owner : Système |Parent : 736] – (.CybelSoft – Service de détection matériel.) – (7.1.3.0) = C:Program Filesma-config.comMaConfigAgent.exe
    7108 | [Owner : SERVICE RÉSEAU |Parent : 736] – (.Microsoft Corporation – Service Partage réseau du Lecteur Windows Media.) – (12.0.7601.17514) = C:Program FilesWindows Media Playerwmpnetwk.exe
    6280 | [Owner : Système |Parent : 736] – (.Microsoft Corp. – Microsoft® Windows Live ID Service.) – (7.250.4311.0) = C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE
    6608 | [Owner : Système |Parent : 736] – (.Microsoft Corporation – Application sous-système spouleur.) – (6.1.7601.17777) = C:WindowsSystem32spoolsv.exe
    5112 | [Owner : Système |Parent : 736] – (.Intel(R) Corporation – Intel(R) Capability Licensing Service Interface.) – (1.31.8.1) = C:Program FilesInteliCLS ClientHeciServer.exe

    ¤¤¤¤¤¤¤¤¤¤ | Services

    Service stoppé : WINDEFEND
    Service stoppé : WinHttpAutoProxysvc
    Service stoppé : Webclient
    Service stoppé : SSDPSRV
    Service stoppé : DNScache

    ¤¤¤¤¤¤¤¤¤¤ | Hosts

    C:WindowsSystem32Driversetchosts : Remis a zéro avec succès

    ¤¤¤¤¤¤¤¤¤¤ | SafeBoot

    ¤¤¤¤¤¤¤¤¤¤ | Registre

    Supprimé avec succès : HKLMSOFTWAREClassesInterface{3856F531-CD1E-4B00-91C7-ED75EC8E7C18} : IOneTab
    Supprimé avec succès : HKLMSOFTWAREClassesInterface{DAF611F6-C2A6-41E8-B9A9-AFC0EFFDA9ED} : ISafeshop
    Supprimé avec succès : HKLM64SOFTWAREClassesInterface{3856F531-CD1E-4B00-91C7-ED75EC8E7C18} : IOneTab
    Supprimé avec succès : HKLM64SOFTWAREClassesInterface{DAF611F6-C2A6-41E8-B9A9-AFC0EFFDA9ED} : ISafeshop
    Supprimé avec succès : HKLMSOFTWAREMicrosoftInternet ExplorerExtension Compatibility{100EB1FD-D03E-47FD-81F3-EE91287F9465} : ShopperReports.dll
    Supprimé avec succès : HKLMSOFTWAREMicrosoftInternet ExplorerExtension Compatibility{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} : alotBHO.dll;alotBHO.dll
    Supprimé avec succès : HKLMSOFTWAREMicrosoftInternet ExplorerExtension Compatibility{258C9770-1713-4021-8D7E-1F184A2BD754} : ShoppingReport.dll
    Supprimé avec succès : HKLMSOFTWAREMicrosoftInternet ExplorerExtension Compatibility{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} : PCTBrowserDefender.dll
    Supprimé avec succès : HKLMSOFTWAREMicrosoftInternet ExplorerExtension Compatibility{2EECD738-5844-4A99-B4B6-146BF802613B} : BabylonToolbar.dll
    Supprimé avec succès : HKLMSOFTWAREMicrosoftInternet ExplorerExtension Compatibility{472734EA-242A-422B-ADF8-83D1E48CC825} : PCTBrowserDefender.dll
    Supprimé avec succès : HKLMSOFTWAREMicrosoftInternet ExplorerExtension Compatibility{57F02779-3D88-4958-8AD3-83C12D86ADC7} : advancedsearchbar.dll
    Supprimé avec succès : HKLMSOFTWAREMicrosoftInternet ExplorerExtension Compatibility{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} : alot.dll;alot.dll
    Supprimé avec succès : HKLMSOFTWAREMicrosoftInternet ExplorerExtension Compatibility{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} : BabylonToolbar.dll
    Supprimé avec succès : HKLMSOFTWAREMicrosoftInternet ExplorerExtension Compatibility{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} : ShoppingReport.dll
    Supprimé avec succès : HKLMSOFTWAREMicrosoftInternet ExplorerExtension Compatibility{CDEEC43D-3572-4E95-A2A5-F519D29F00C0} : advancedsearchbar.dll
    Supprimé avec succès : HKLM64SOFTWAREMicrosoftInternet ExplorerExtension Compatibility{100EB1FD-D03E-47FD-81F3-EE91287F9465}
    Supprimé avec succès : HKLM64SOFTWAREMicrosoftInternet ExplorerExtension Compatibility{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}
    Supprimé avec succès : HKLM64SOFTWAREMicrosoftInternet ExplorerExtension Compatibility{258C9770-1713-4021-8D7E-1F184A2BD754}
    Supprimé avec succès : HKLM64SOFTWAREMicrosoftInternet ExplorerExtension Compatibility{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
    Supprimé avec succès : HKLM64SOFTWAREMicrosoftInternet ExplorerExtension Compatibility{2EECD738-5844-4A99-B4B6-146BF802613B}
    Supprimé avec succès : HKLM64SOFTWAREMicrosoftInternet ExplorerExtension Compatibility{472734EA-242A-422B-ADF8-83D1E48CC825}
    Supprimé avec succès : HKLM64SOFTWAREMicrosoftInternet ExplorerExtension Compatibility{57F02779-3D88-4958-8AD3-83C12D86ADC7}
    Supprimé avec succès : HKLM64SOFTWAREMicrosoftInternet ExplorerExtension Compatibility{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
    Supprimé avec succès : HKLM64SOFTWAREMicrosoftInternet ExplorerExtension Compatibility{74F475FA-6C75-43BD-AAB9-ECDA6184F600} : SuperfishIEAddon.dll;SuperfishIEAddon.dll
    Supprimé avec succès : HKLM64SOFTWAREMicrosoftInternet ExplorerExtension Compatibility{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Supprimé avec succès : HKLM64SOFTWAREMicrosoftInternet ExplorerExtension Compatibility{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
    Supprimé avec succès : HKLM64SOFTWAREMicrosoftInternet ExplorerExtension Compatibility{CDEEC43D-3572-4E95-A2A5-F519D29F00C0}

    ¤¤¤¤¤¤¤¤¤¤ | Offsets

    ¤¤¤¤¤¤¤¤¤¤ | reparsepoint

    ¤¤¤¤¤¤¤¤¤¤ | Dossiers | Fichiers

    Supprimé avec succès : C:UsersClementDocumentsAPNSetup.exe (Copyright © 2013 Ask Partner Network. All rights reserved..- .Stub Installer) ApnSetup.exe
    Supprimé avec succès : C:UsersClementAppDataLocalMicrosoftFeeds CacheQQSA6R9H
    Supprimé avec succès : C:UsersClementAppDataLocalTempjrtbrowsermngr_keys.cfg (.- .)
    Supprimé avec succès : C:UsersClementAppDataLocalTempjrtbrowsermngr_values.cfg (.- .)
    Supprimé avec succès : C:UsersClementAppDataLocalTempjrtFFbrowsermngr.dat (.- .)
    [D5]Supprimé avec succès : C:UsersClementAppDataRoamingBubble Dock.installation.log
    [D5]Supprimé avec succès : C:UsersClementAppDataRoamingWindApp.boostrap.log
    [D5]Supprimé avec succès : C:UsersClementAppDataRoamingWindApp.installation.log

    ¤¤¤¤¤¤¤¤¤¤ | .LNK

    ¤¤¤¤¤¤¤¤¤¤ | Ouverture extension inconnue

    ¤¤¤¤¤¤¤¤¤¤ | Proxy

    ¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

    Réparé : [HKLM64SOFTWAREMicrosoftInternet ExplorerMain]|[Local Page] : C:WindowsSystem32blank.htm -> C:WindowsSysWOW64blank.htm
    Réparé : [HKUS-1-5-21-825608802-4289994647-314183835-1000SOFTWAREMicrosoftInternet ExplorerMainWindow Title]|[] : -> Internet Explorer
    Réparé : [HKUS-1-5-21-825608802-4289994647-314183835-1000SOFTWAREMicrosoftInternet ExplorerMain]|[Search Bar] : -> http://www.google.com/
    Réparé : [HKUS-1-5-21-825608802-4289994647-314183835-1000SOFTWAREMicrosoftInternet ExplorerMain]|[Start Default_Page_URL] : -> http://www.google.com/
    Réparé : [HKUS-1-5-21-825608802-4289994647-314183835-1000SOFTWAREMicrosoftInternet ExplorerMain]|[Local Page] : C:Windowssystem32blank.htm -> C:WindowsSysWOW64blank.htm
    Réparé : [HKUS-1-5-21-825608802-4289994647-314183835-1000SOFTWAREMicrosoftInternet ExplorerMain]|[Default_Search_URL] : -> http://go.microsoft.com/fwlink/?LinkId=54896
    Réparé : [HKUS-1-5-21-825608802-4289994647-314183835-1000SOFTWAREMicrosoftInternet ExplorerMain]|[Default_Page_URL] : -> http://go.microsoft.com/fwlink/?LinkId=69157
    Réparé : [HKUS-1-5-21-825608802-4289994647-314183835-1000SOFTWAREMicrosoftInternet ExplorerSearchURL]|[Default] : -> http://www.google.com/
    Réparé : [HKUS-1-5-21-825608802-4289994647-314183835-1000SOFTWAREMicrosoftInternet ExplorerMain]|[CustomizeSearch] : -> http://www.google.com/
    Réparé : [HKUS-1-5-21-825608802-4289994647-314183835-1000SOFTWAREMicrosoftInternet ExplorerSearch]|[SearchAssistant] : -> http://www.google.com/
    Réparé : [HKUS-1-5-21-825608802-4289994647-314183835-1000SOFTWAREMicrosoftInternet ExplorerSearch]|[Search Bar] : -> http://www.google.com/
    Réparé : [HKUS-1-5-21-825608802-4289994647-314183835-1000SOFTWAREMicrosoftInternet ExplorerSearch]|[Start Page] : -> http://www.google.com/
    Réparé : [HKUS-1-5-21-825608802-4289994647-314183835-1000SOFTWAREMicrosoftInternet ExplorerSearch]|[Start Default_Page_URL] : -> http://www.google.com/
    Réparé : [HKUS-1-5-21-825608802-4289994647-314183835-1000SOFTWAREMicrosoftInternet ExplorerSearch]|[Local Page] : -> C:WindowsSysWOW64blank.htm
    Réparé : [HKUS-1-5-21-825608802-4289994647-314183835-1000SOFTWAREMicrosoftInternet ExplorerSearch]|[Search Page] : -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Réparé : [HKUS-1-5-21-825608802-4289994647-314183835-1000SOFTWAREMicrosoftInternet ExplorerSearch]|[Default_Search_URL] : -> http://go.microsoft.com/fwlink/?LinkId=54896
    Réparé : [HKUS-1-5-21-825608802-4289994647-314183835-1000SOFTWAREMicrosoftInternet ExplorerSearch]|[Default_Page_URL] : -> http://go.microsoft.com/fwlink/?LinkId=69157
    Réparé : [HKUS-1-5-21-825608802-4289994647-314183835-1000SOFTWAREMicrosoftInternet ExplorerSearch]|[CustomizeSearch] : -> http://www.google.com/
    Réparé : [HKUS-1-5-21-825608802-4289994647-314183835-1000SOFTWAREMicrosoftInternet ExplorerAboutURLs]|[Tabs] : -> http://www.google.com/

    ¤¤¤¤¤¤¤¤¤¤ | Google Chrome

    [Clement] Remis a zéro avec succès : SearchURL

    [Clement | Default] : aohghmighlieiainnegkcijnfilokake = : Google & co – Google & co – https://clients2.google.com/service/update2/crx
    [Clement | Default] : apdfllckaahabafndbhieahigkjlhalf = : Google & co – https://drive.google.com/?usp=chrome_app – Google & co – [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] – http://clients2.google.com/service/update2/crx
    [Clement | Default] : blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co – http://www.youtube.com – http://www.youtube.com/?feature=ytca – Google & co – http://clients2.google.com/service/update2/crx
    [Clement | Default] : cfhdojbkjhnklbpkdaibdccddilifddb = : __MSG_description_chrome__ – __MSG_name__ – https://clients2.google.com/service/update2/crx
    [Clement | Default] : coobgpohoikkiipiblmjeljniedjpjpf = : Google & co – http://www.google.com/webhp?source=search_app – Google & co – http://clients2.google.com/service/update2/crx
    [Clement | Default] : dlkebobkkpgcbkhfhiaejpkflhgpgkig = : Application Chrome Seedbox.fr – Seedbox.fr Extension Chrome – http://clients2.google.com/service/update2/crx
    [Clement | Default] : epanfjkfahimkgomnigadpkobaefekcd = : Protect your privacy. Stop companies & advertisers from tracking your browsing and sending you spam email. – DoNotTrackMe: Online Privacy Protection – permissions:[webRequestwebRequestBlockingtabscookiesu003Call_urls>contextMenusclipboardWritestorage] – https://clients2.google.com/service/update2/crx
    [Clement | Default] : gighmmpiobklfepjocnamgkkbiglidom = : __MSG_description2__ – AdBlock – https://clients2.google.com/service/update2/crx
    [Clement | Default] : gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. – avast! Online Security – https://clients2.google.com/service/update2/crx
    [Clement | Default] : hdokiejnpimakedhajhdlcegeplioahd = : LastPass an award-winning password manager saves your passwords and gives you secure access from every computer and mobile device. – short_name: LastPass – https://clients2.google.com/service/update2/crx
    [Clement | Default] : nmmhkkegccagdldgiimedpiccmgmieda = : Google & co – Google & co – 203784468217.apps.googleusercontent.com – https://clients2.google.com/service/update2/crx
    [Clement | Default] : onhbegdkgonhlokobjefolhpoidcnida = : __MSG_chromeExtensionDescription__ – Synology Download Station – matches:[u003Call_urls>] – https://clients2.google.com/service/update2/crx
    [Clement | Default] : pjkljhegncpnkpknbcohdijeoejaedia = : Google & co – https://mail.google.com/mail/ca – Google & co – http://clients2.google.com/service/update2/crx

    ¤¤¤¤¤¤¤¤¤¤ | Chromium

    ¤¤¤¤¤¤¤¤¤¤ | Comodo Dragon

    ¤¤¤¤¤¤¤¤¤¤ | Firefox

    ¤¤¤¤¤¤¤¤¤¤ | SeaMonkey

    ¤¤¤¤¤¤¤¤¤¤ | Pale moon

    ¤¤¤¤¤¤¤¤¤¤ | Opera

    ¤¤¤¤¤¤¤¤¤¤ | Spark

    ¤¤¤¤¤¤¤¤¤¤ | StartMenuInternet

    ¤¤¤¤¤¤¤¤¤¤ | AppCertDlls | AppInit_DLLs

    ¤¤¤¤¤¤¤¤¤¤ | Javascript

    ¤¤¤¤¤¤¤¤¤¤ | Firewall

    ¤¤¤¤¤¤¤¤¤¤ | ADS

    ¤¤¤¤¤¤¤¤¤¤ | Fichiers temporaires

    [All Users] Fichiers temporaires Supprimés : 0 Ko
    [Clement] Fichiers temporaires Supprimés : 166132 Ko
    [Default] Fichiers temporaires Supprimés : 0 Ko
    [Default User] Fichiers temporaires Supprimés : 0 Ko
    [Public] Fichiers temporaires Supprimés : 0 Ko
    [C:WindowsTemp] Fichiers temporaires Supprimés : 0 Ko
    [C:Temp] Fichiers temporaires Supprimés : 40 Ko

    Autre rapport

    ¤¤¤¤¤¤¤¤¤¤ | Listing

    ¤¤¤¤¤¤¤¤¤¤ | C:Program Files (x86)

    [01/03/2014 17:44:39] – |D| – C:Program Files (x86)Adobe
    [01/03/2014 20:07:30] – |D| – C:Program Files (x86)AGEIA Technologies
    [18/04/2014 15:57:39] – |D| – C:Program Files (x86)AOMEI Partition Assistant Standard Edition 5.5
    [01/03/2014 16:37:43] – |D| – C:Program Files (x86)ASUS
    [30/05/2014 17:51:27] – |D| – C:Program Files (x86)Audacity
    [14/07/2009 05:20:08] – |D| – C:Program Files (x86)Common Files
    [14/07/2009 06:54:24] – |ASH| – C:Program Files (x86)desktop.ini
    [22/03/2014 22:36:04] – |D| – C:Program Files (x86)directx
    [18/04/2014 15:48:10] – |D| – C:Program Files (x86)EaseUS
    [01/03/2014 16:40:22] – |D| – C:Program Files (x86)Google
    [10/06/2014 16:47:36] – |D| – C:Program Files (x86)HMA! Pro VPN
    [09/04/2014 13:21:17] – |D| – C:Program Files (x86)ImageWriter
    [01/03/2014 16:38:40] – |HD| – C:Program Files (x86)InstallShield Installation Information
    [01/03/2014 16:41:15] – |D| – C:Program Files (x86)Intel
    [14/07/2009 05:20:08] – |D| – C:Program Files (x86)Internet Explorer
    [18/04/2014 18:28:36] – |D| – C:Program Files (x86)Java
    [17/08/2014 22:50:09] – |D| – C:Program Files (x86)Malwarebytes Anti-Malware
    [02/03/2014 20:23:20] – |D| – C:Program Files (x86)Microsoft Analysis Services
    [02/03/2014 20:23:15] – |D| – C:Program Files (x86)Microsoft Office
    [02/03/2014 20:23:53] – |D| – C:Program Files (x86)Microsoft SQL Server
    [30/05/2014 15:27:55] – |D| – C:Program Files (x86)Microsoft SQL Server Compact Edition
    [01/03/2014 20:03:42] – |D| – C:Program Files (x86)Microsoft.NET
    [14/07/2009 07:32:38] – |D| – C:Program Files (x86)MSBuild
    [18/04/2014 17:25:45] – |D| – C:Program Files (x86)No-IP
    [01/03/2014 20:07:02] – |D| – C:Program Files (x86)NVIDIA Corporation
    [10/03/2014 19:13:12] – |D| – C:Program Files (x86)Origin
    [01/03/2014 16:38:40] – |D| – C:Program Files (x86)Realtek
    [14/07/2009 07:32:38] – |D| – C:Program Files (x86)Reference Assemblies
    [17/08/2014 21:24:31] – |D| – C:Program Files (x86)Spyware Terminator
    [17/04/2014 14:37:33] – |D| – C:Program Files (x86)Synology
    [01/03/2014 16:41:59] – |HD| – C:Program Files (x86)Temp
    [15/04/2014 13:04:13] – |D| – C:Program Files (x86)Tweaking.com
    [14/07/2009 06:57:06] – |HD| – C:Program Files (x86)Uninstall Information
    [14/07/2009 07:32:38] – |D| – C:Program Files (x86)Windows Defender
    [30/05/2014 15:27:44] – |D| – C:Program Files (x86)Windows Live
    [14/07/2009 05:20:08] – |D| – C:Program Files (x86)Windows Mail
    [14/07/2009 07:32:38] – |D| – C:Program Files (x86)Windows Media Player
    [14/07/2009 05:20:08] – |D| – C:Program Files (x86)Windows NT
    [14/07/2009 07:32:38] – |D| – C:Program Files (x86)Windows Photo Viewer
    [14/07/2009 07:32:38] – |D| – C:Program Files (x86)Windows Portable Devices
    [14/07/2009 07:32:38] – |D| – C:Program Files (x86)Windows Sidebar
    [17/08/2014 23:27:52] – |D| – C:Program Files (x86)ZHPDiag

    ¤¤¤¤¤¤¤¤¤¤ | C:Program Files

    [01/03/2014 16:37:45] – |D| – C:Program FilesASUS
    [02/03/2014 16:05:23] – |D| – C:Program FilesAVAST Software
    [15/04/2014 13:12:19] – |D| – C:Program FilesCCleaner
    [14/07/2009 05:20:08] – |D| – C:Program FilesCommon Files
    [14/07/2009 06:54:24] – |ASH| – C:Program Filesdesktop.ini
    [14/07/2009 07:32:38] – |D| – C:Program FilesDVD Maker
    [01/03/2014 16:30:51] – |SHD| – C:Program FilesFichiers communs
    [01/03/2014 16:44:08] – |D| – C:Program FilesIntel
    [14/07/2009 05:20:08] – |D| – C:Program FilesInternet Explorer
    [01/03/2014 16:57:26] – |D| – C:Program Filesma-config.com
    [02/03/2014 20:23:20] – |D| – C:Program FilesMicrosoft Analysis Services
    [02/03/2014 20:23:13] – |D| – C:Program FilesMicrosoft Office
    [02/03/2014 20:23:42] – |D| – C:Program FilesMicrosoft SQL Server
    [15/08/2014 11:54:41] – |D| – C:Program FilesMicrosoft Xbox 360 Accessories
    [02/03/2014 20:23:53] – |D| – C:Program FilesMicrosoft.NET
    [14/07/2009 07:32:38] – |D| – C:Program FilesMSBuild
    [09/08/2014 11:19:17] – |D| – C:Program FilesNewshosting
    [01/03/2014 19:35:37] – |D| – C:Program FilesNVIDIA Corporation
    [09/04/2014 13:08:47] – |D| – C:Program FilesOracle
    [17/07/2014 22:16:32] – |D| – C:Program FilesRealtek
    [14/07/2009 07:32:38] – |D| – C:Program FilesReference Assemblies
    [01/03/2014 17:13:19] – |D| – C:Program FilesSaitek
    [21/03/2014 21:13:34] – |D| – C:Program FilesTracker Software
    [14/07/2009 07:09:26] – |HD| – C:Program FilesUninstall Information
    [25/04/2014 17:39:57] – |D| – C:Program FilesVideoLAN
    [14/07/2009 07:32:38] – |D| – C:Program FilesWindows Defender
    [14/07/2009 17:35:39] – |D| – C:Program FilesWindows Journal
    [14/07/2009 05:20:08] – |D| – C:Program FilesWindows Mail
    [14/07/2009 07:32:38] – |D| – C:Program FilesWindows Media Player
    [14/07/2009 05:20:08] – |D| – C:Program FilesWindows NT
    [14/07/2009 07:32:38] – |D| – C:Program FilesWindows Photo Viewer
    [14/07/2009 07:32:38] – |D| – C:Program FilesWindows Portable Devices
    [14/07/2009 07:32:38] – |D| – C:Program FilesWindows Sidebar

    ¤¤¤¤¤¤¤¤¤¤ | C:Program Files (x86)Common Files

    [01/03/2014 17:36:12] – |D| – C:Program Files (x86)Common FilesAdobe AIR
    [15/08/2014 01:24:58] – |D| – C:Program Files (x86)Common FilesBlizzard Entertainment
    [18/03/2014 22:39:22] – |HD| – C:Program Files (x86)Common FilesEAInstaller
    [01/03/2014 16:41:56] – |D| – C:Program Files (x86)Common FilesInstallShield
    [01/03/2014 16:49:48] – |D| – C:Program Files (x86)Common FilesIntel Corporation
    [18/04/2014 18:28:42] – |D| – C:Program Files (x86)Common FilesJava
    [14/07/2009 05:20:08] – |D| – C:Program Files (x86)Common Filesmicrosoft shared
    [17/08/2014 21:16:02] – |D| – C:Program Files (x86)Common FilesPC Tools
    [01/03/2014 16:43:46] – |D| – C:Program Files (x86)Common FilespostureAgent
    [14/07/2009 05:20:08] – |D| – C:Program Files (x86)Common FilesServices
    [02/03/2014 19:45:35] – |D| – C:Program Files (x86)Common FilesSkype
    [14/07/2009 05:20:08] – |D| – C:Program Files (x86)Common FilesSpeechEngines
    [10/03/2014 15:11:51] – |D| – C:Program Files (x86)Common FilesSteam
    [14/07/2009 05:20:08] – |D| – C:Program Files (x86)Common FilesSystem
    [30/05/2014 15:23:55] – |D| – C:Program Files (x86)Common FilesWindows Live

    ¤¤¤¤¤¤¤¤¤¤ | C:Program FilesCommon Files

    [02/03/2014 20:23:57] – |D| – C:Program FilesCommon FilesDESIGNER
    [14/07/2009 05:20:08] – |D| – C:Program FilesCommon FilesMicrosoft Shared
    [14/07/2009 05:20:08] – |D| – C:Program FilesCommon FilesServices
    [14/07/2009 05:20:08] – |D| – C:Program FilesCommon FilesSpeechEngines
    [14/07/2009 05:20:08] – |D| – C:Program FilesCommon FilesSystem

    ¤¤¤¤¤¤¤¤¤¤ | C:UsersClementAppDataRoaming

    [01/03/2014 17:36:03] – |D| – C:UsersClementAppDataRoamingAdobe
    [30/05/2014 17:51:31] – |D| – C:UsersClementAppDataRoamingAudacity
    [02/03/2014 16:06:23] – |D| – C:UsersClementAppDataRoamingAVAST Software
    [15/08/2014 01:25:08] – |D| – C:UsersClementAppDataRoamingBattle.net
    [07/06/2014 19:00:26] – |D| – C:UsersClementAppDataRoamingCanneverbe Limited
    [10/03/2014 15:22:55] – |D| – C:UsersClementAppDataRoamingcom.spiderneo.junglertimer
    [17/08/2014 15:10:48] – |D| – C:UsersClementAppDataRoamingDAEMON Tools Lite
    [01/03/2014 16:30:55] – |D| – C:UsersClementAppDataRoamingIdentities
    [01/03/2014 16:43:23] – |D| – C:UsersClementAppDataRoamingInstallShield
    [01/03/2014 16:44:52] – |D| – C:UsersClementAppDataRoamingIntel Corporation
    [17/08/2014 20:45:41] – |D| – C:UsersClementAppDataRoamingLavasoft
    [17/08/2014 20:45:16] – |D| – C:UsersClementAppDataRoamingLavasoftStatistics
    [01/03/2014 20:45:29] – |D| – C:UsersClementAppDataRoamingLolClient
    [01/03/2014 17:36:03] – |D| – C:UsersClementAppDataRoamingMacromedia
    [02/03/2014 19:13:17] – |D| – C:UsersClementAppDataRoamingMalwarebytes
    [01/03/2014 16:30:52] – |D| – C:UsersClementAppDataRoamingMedia Center Programs
    [01/03/2014 16:30:52] – |SD| – C:UsersClementAppDataRoamingMicrosoft
    [02/03/2014 19:18:15] – |D| – C:UsersClementAppDataRoamingMumble
    [12/08/2014 17:34:20] – |D| – C:UsersClementAppDataRoamingnaviextras
    [28/07/2014 21:02:43] – |D| – C:UsersClementAppDataRoamingNewshosting
    [09/04/2014 13:14:34] – |D| – C:UsersClementAppDataRoamingNVIDIA
    [11/03/2014 19:26:47] – |D| – C:UsersClementAppDataRoamingOrigin
    [02/03/2014 19:45:37] – |D| – C:UsersClementAppDataRoamingSkype
    [17/08/2014 21:24:33] – |D| – C:UsersClementAppDataRoamingSpyware Terminator
    [17/08/2014 15:18:08] – |D| – C:UsersClementAppDataRoamingStore
    [17/08/2014 21:13:55] – |D| – C:UsersClementAppDataRoamingTestApp
    [18/04/2014 14:32:13] – |D| – C:UsersClementAppDataRoaminguTorrent
    [25/04/2014 17:44:07] – |D| – C:UsersClementAppDataRoamingvlc
    [01/03/2014 17:11:14] – |D| – C:UsersClementAppDataRoamingWinRAR
    [17/08/2014 23:27:52] – |D| – C:UsersClementAppDataRoamingZHP

    ¤¤¤¤¤¤¤¤¤¤ | C:UsersClementAppDataLocal

    [01/03/2014 17:44:33] – |D| – C:UsersClementAppDataLocalAdobe
    [01/03/2014 16:30:52] – |SHD| – C:UsersClementAppDataLocalApplication Data
    [02/03/2014 19:00:31] – |D| – C:UsersClementAppDataLocalApps
    [17/08/2014 19:50:08] – |A| – C:UsersClementAppDataLocalars.cache
    [15/08/2014 01:25:08] – |D| – C:UsersClementAppDataLocalBattle.net
    [15/08/2014 01:25:21] – |D| – C:UsersClementAppDataLocalBlizzard Entertainment
    [17/08/2014 19:50:12] – |A| – C:UsersClementAppDataLocalcensus.cache
    [28/07/2014 21:03:24] – |D| – C:UsersClementAppDataLocalCrashRpt
    [02/03/2014 19:00:31] – |D| – C:UsersClementAppDataLocalDeployment
    [14/06/2014 15:43:26] – |D| – C:UsersClementAppDataLocalDiagnostics
    [03/08/2014 13:05:31] – |D| – C:UsersClementAppDataLocalElevatedDiagnostics
    [12/07/2014 23:11:13] – |SHD| – C:UsersClementAppDataLocalEmieSiteList
    [12/07/2014 23:11:13] – |SHD| – C:UsersClementAppDataLocalEmieUserList
    [11/03/2014 18:15:18] – |D| – C:UsersClementAppDataLocalfontconfig
    [01/03/2014 16:44:52] – |A| – C:UsersClementAppDataLocalGDIPFONTCACHEV1.DAT
    [11/03/2014 18:15:17] – |D| – C:UsersClementAppDataLocalgegl-0.2
    [01/03/2014 16:40:22] – |D| – C:UsersClementAppDataLocalGoogle
    [11/03/2014 18:38:51] – |D| – C:UsersClementAppDataLocalgtk-2.0
    [01/03/2014 16:30:52] – |SHD| – C:UsersClementAppDataLocalHistorique
    [17/08/2014 19:31:18] – |A| – C:UsersClementAppDataLocalhousecall.guid.cache
    [17/08/2014 22:24:53] – |AH| – C:UsersClementAppDataLocalIconCache.db
    [10/06/2014 16:48:02] – |D| – C:UsersClementAppDataLocalIsolatedStorage
    [01/03/2014 16:30:52] – |D| – C:UsersClementAppDataLocalMicrosoft
    [02/03/2014 20:23:15] – |D| – C:UsersClementAppDataLocalMicrosoft Help
    [28/07/2014 21:03:25] – |D| – C:UsersClementAppDataLocalNewshosting
    [01/03/2014 20:15:04] – |D| – C:UsersClementAppDataLocalNVIDIA
    [18/05/2014 18:09:23] – |D| – C:UsersClementAppDataLocalNVIDIA Corporation
    [02/03/2014 16:59:30] – |D| – C:UsersClementAppDataLocalO&O
    [01/03/2014 17:35:46] – |D| – C:UsersClementAppDataLocalOCCT_-_Ocbase_-_Adrien_Me
    [18/03/2014 21:10:38] – |D| – C:UsersClementAppDataLocalOrigin
    [01/03/2014 16:50:32] – |D| – C:UsersClementAppDataLocalPrograms
    [27/07/2014 02:34:27] – |A| – C:UsersClementAppDataLocalPUTTY.RND
    [11/03/2014 18:35:57] – |A| – C:UsersClementAppDataLocalrecently-used.xbel
    [01/03/2014 16:30:52] – |D| – C:UsersClementAppDataLocalTemp
    [01/03/2014 16:30:52] – |SHD| – C:UsersClementAppDataLocalTemporary Internet Files
    [12/03/2014 16:43:54] – |D| – C:UsersClementAppDataLocalUbisoft Game Launcher
    [01/03/2014 16:30:54] – |D| – C:UsersClementAppDataLocalVirtualStore
    [18/04/2014 17:25:48] – |D| – C:UsersClementAppDataLocalVitalwerks
    [30/05/2014 15:24:02] – |D| – C:UsersClementAppDataLocalWindows Live

    ¤¤¤¤¤¤¤¤¤¤ | C:ProgramData

    [01/03/2014 17:36:13] – |D| – C:ProgramDataAdobe
    [14/07/2009 07:08:56] – |SHD| – C:ProgramDataApplication Data
    [17/07/2014 22:07:37] – |D| – C:ProgramDataASUS
    [02/03/2014 16:04:36] – |D| – C:ProgramDataAVAST Software
    [10/03/2014 15:14:51] – |D| – C:ProgramDataBattle.net
    [15/08/2014 01:24:53] – |D| – C:ProgramDataBlizzard Entertainment
    [01/03/2014 16:30:51] – |SHD| – C:ProgramDataBureau
    [07/06/2014 19:00:28] – |D| – C:ProgramDataCanneverbe Limited
    [26/03/2014 14:41:03] – |HD| – C:ProgramDataCanonBJ
    [28/07/2014 21:03:18] – |D| – C:ProgramDataCaphyon
    [17/08/2014 15:10:05] – |D| – C:ProgramDataDAEMON Tools Lite
    [14/07/2009 07:08:56] – |SHD| – C:ProgramDataDesktop
    [14/07/2009 07:08:56] – |SHD| – C:ProgramDataDocuments
    [18/03/2014 21:17:19] – |D| – C:ProgramDataElectronic Arts
    [01/03/2014 16:30:51] – |SHD| – C:ProgramDataFavoris
    [14/07/2009 07:08:56] – |SHD| – C:ProgramDataFavorites
    [01/03/2014 16:44:09] – |D| – C:ProgramDataIntel
    [17/08/2014 20:40:57] – |D| – C:ProgramDataLavasoft
    [01/03/2014 16:57:26] – |D| – C:ProgramDatama-config.com
    [02/03/2014 19:13:17] – |D| – C:ProgramDataMalwarebytes
    [01/03/2014 16:30:51] – |SHD| – C:ProgramDataMenu Démarrer
    [14/07/2009 05:20:08] – |SD| – C:ProgramDataMicrosoft
    [02/03/2014 20:23:12] – |D| – C:ProgramDataMicrosoft Help
    [02/03/2014 20:14:02] – |D| – C:ProgramDataMicrosoft Toolkit
    [01/03/2014 16:30:51] – |SHD| – C:ProgramDataModèles
    [01/03/2014 20:07:22] – |D| – C:ProgramDataNVIDIA
    [01/03/2014 20:07:03] – |D| – C:ProgramDataNVIDIA Corporation
    [02/03/2014 16:59:08] – |D| – C:ProgramDataOO Software
    [18/04/2014 18:28:44] – |D| – C:ProgramDataOracle
    [11/03/2014 19:26:22] – |D| – C:ProgramDataOrigin
    [17/08/2014 21:13:55] – |D| – C:ProgramDataPC Tools
    [02/03/2014 20:23:48] – |D| – C:ProgramDataregid.1991-06.com.microsoft
    [16/07/2014 14:50:11] – |D| – C:ProgramDataRiot Games
    [11/03/2014 18:59:49] – |D| – C:ProgramDataSaitek
    [01/03/2014 16:50:52] – |D| – C:ProgramDataSamsung
    [02/03/2014 19:45:15] – |D| – C:ProgramDataSkype
    [17/08/2014 21:24:33] – |D| – C:ProgramDataSpyware Terminator
    [14/07/2009 07:08:56] – |SHD| – C:ProgramDataStart Menu
    [18/04/2014 18:28:43] – |D| – C:ProgramDataSun
    [17/04/2014 14:37:34] – |D| – C:ProgramDataSynology
    [17/08/2014 21:13:56] – |D| – C:ProgramDataTEMP
    [14/07/2009 07:08:56] – |SHD| – C:ProgramDataTemplates
    [19/04/2014 13:11:27] – |D| – C:ProgramDataVitalwerks

    Eléments analysés : 214465 | Modifiés : 19 | Infectés : 36

    ¤¤¤¤¤¤¤¤¤¤ |EOF| ¤¤¤¤¤¤¤¤¤¤ | 00:08:20 | [31 Ko][/spoiler:1rdbvswj]

  • klem1
    Participant
    Number of posts: 25

    Oops, sorry, and finally the ZHPDiag

    [spoiler:237zzlm7]~ Rapport de ZHPDiag v2014.8.16.119 – Nicolas Coolman (16/08/2014)
    ~ Lancé par Clement (18/08/2014 00:14:30)
    ~ Adresse du Site Web http://nicolascoolman.fr
    ~ Adresse du Forum http://forum.nicolascoolman.fr
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Version à jour.
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.17207
    GCIE: Google Chrome v36.0.1985.125 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Windows(R) 7, VOLUME_KMSCLIENT channel
    Windows ID Activation : OK
    ~ Windows Partial Key : GPDD4
    Windows License : OK
    ~ Windows Remaining Initializations Number : 1
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    avast! Free Antivirus v9.0.2021
    Malwarebytes Anti-Malware version 2.0.2.1012
    Windows Defender W7 (Activate)

    —\ Logiciels d'optimisation du système
    CCleaner v4.12

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Java 7 Update 55

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 8130 MB (70% free)
    System Restore: Activé (Enable)
    System drive C: has 42 GB (39%) free of 107 GB

    —\ Mode de connexion au système
    ~ Computer Name: CLEMENT-PC
    ~ User Name: Clement
    ~ All Users Names: Clement, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersClementAppDataRoamingZHP
    ~ %AppData% : C:UsersClementAppDataRoaming
    ~ %Desktop% : C:UsersClementDesktop
    ~ %Favorites% : C:UsersClementFavorites
    ~ %LocalAppData% : C:UsersClementAppDataLocal
    ~ %StartMenu% : C:UsersClementAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 42 Go of 107 Go)
    D: CD-ROM drive (Not Inserted)
    E: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
    F: Hard drive, Flash drive, Thumb drive (Free 519 Go of 977 Go)
    J: Hard drive, Flash drive, Thumb drive (Free 302 Go of 443 Go)
    P: Hard drive, Flash drive, Thumb drive (Free 419 Go of 443 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem] EnableLUA: Modified
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyGames: Modified
    ~ Security Center: 49 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.18/06/2014 – 23:58:27.) — C:WindowsSystem32wininet.dll [2266112]
    [MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.04/03/2014 – 10:43:50.) — C:WindowsSystem32Winlogon.exe [455168]
    [MD5.BC204AB3FBC84E419DBC486E3CC5CE94] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 14:27:26.) — C:WindowsSystem32sppcomapi.dll [231936]
    [MD5.FA886682CFC5D36718D3E436AACF10B9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.30/05/2014 – 07:45:52.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:21.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:32.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:43.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:20.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.24/01/2014 – 03:37:55.) — C:Windowssystem32Driversntfs.sys [1684928]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:35.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.1B6163C503398B23FF8B939C67747683] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.20/11/2010 – 12:06:41.) — C:Windowssystem32Driversrdpdr.sys [165888]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:56.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.DF8126BD41180351A093A3AD2FC8903B] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.25/02/2011 – 07:25:38.) — C:Windowssystem32Driversvolsnap.sys [296320]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes Favoris (My Favorites) : 1/24
    ~ Mes Documents (My Documents) : 2/35
    ~ Mon Bureau (My Desktop) : 1/42
    ~ Menu demarrer (Programs) : 1/40
    ~ Hidden Files: Scanned in 00mn 00s

    —\ Processus lancés
    [MD5.94626EA1B95A54444B950759BE5679E7] – (.ASUSTeK Computer Inc. – Pas de description.) — C:Program Files (x86)ASUSAI Suite IIIAISuite3.exe [1389368] [PID.2072]
    [MD5.AB6CE6F1827345453030E09533BD744B] – (…) — C:Program Files (x86)ASUSAI Suite IIIDIP4DIPAwayModeDipAwayMode.exe [1218360] [PID.2080]
    [MD5.4FBC630768570E6AC35C3DE8F6EC79F5] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembam.exe [6970168] [PID.2116]
    [MD5.C56AEF21A76A6E2BB36A384B2C96389F] – (.NVIDIA Corporation – NVIDIA GeForce Experience Backend.) — C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe [2403104] [PID.4428]
    [MD5.ADDF1D80161DA7C5FB9D725EED986655] – (…) — C:Program Files (x86)ASUSAI Suite IIIDIP4DIPAwayModeEPUShortCut.exe [1221432] [PID.4280]
    [MD5.AAA77701508F8AD3585461E67BE40AF2] – (.Samsung Electronics. – Samsung Magician Application.) — P:Program Files (x86)Samsung MagicianSamsung Magician.exe [4737440] [PID.5588]
    [MD5.B43E68B8A022FB00FF54360D408E871B] – (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe [860488] [PID.5556]
    [MD5.26B558B2D31C7425B455B00E562EAD93] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastavastui.exe [4085896] [PID.5680]
    [MD5.6F815EE8023E715353C4D9F88F75D2B6] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8092160] [PID.6664]
    [MD5.D2230317777033CD0456990BFC4994E5] – (.NVIDIA Corporation – Stereo Vision Control Panel API Server.) — C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe [411936] [PID.1000]
    [MD5.73F5C13B431915BAE35254B4E95DFB71] – (.AVAST Software – avast! Service.) — C:Program FilesAVAST SoftwareAvastAvastSvc.exe [50344] [PID.1468]
    [MD5.BBF8F831C7720DD5135D8C4C8325187A] – (…) — C:Program Files (x86)ASUSAXSP1.01.02atkexComSvc.exe [936728] [PID.528]
    [MD5.E536856E96A7605EBF580D62A868E5FE] – (…) — C:WindowsSysWOW64ASGT.exe [55296] [PID.2204]
    [MD5.893481D570E97CED36EC7EBD56ADBF24] – (.ASUSTeK Computer Inc. – Pas de description.) — C:Program Files (x86)ASUSAAHM1.00.22aaHMSvc.exe [945152] [PID.2224]
    [MD5.7683F046E48265C83E40EB3D4492E78E] – (.ASUSTeK Computer Inc. – ASUS Motherboard Fan Control Service.) — C:Program Files (x86)ASUSAsusFanControlService1.02.22AsusFanControlService.exe [1639424] [PID.2260]
    [MD5.D84AEA3F3329D622DFC1297DDDF6163B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe [1809720] [PID.2864]
    [MD5.4F45ED469906494F9BF754E476390DBD] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe [860472] [PID.2464]
    [MD5.D0F743BD1F8E402E4A52D83574828AC2] – (.Pas de propriétaire – ducservice.) — C:Program Files (x86)No-IPducservice.exe [10752] [PID.2692]
    [MD5.D6310F79E51D1F997E964E81DD368AEA] – (.NVIDIA Corporation – NVIDIA Network Service.) — C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe [1720608] [PID.2652]
    [MD5.635686E528F2C9CB916EC1BB04EE6AD1] – (…) — C:Program Files (x86)SynologyAssistantUsbClientService.exe [248736] [PID.3076]
    [MD5.6241810294275CEA59EBA9733080E5EE] – (.Intel Corporation – IAStorDataSvc.) — C:Program FilesIntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe [15720] [PID.5688]
    [MD5.52069AEB42D3D0F97CBCA1085EBF55E6] – (.Intel Corporation – Intel(R) Dynamic Application Loader Host In.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe [169432] [PID.3412]
    [MD5.8939CBB2526CB87C476DB9ABBF243AE0] – (.Intel Corporation – Intel(R) Local Management Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe [390616] [PID.5392]
    ~ Processes Running: Scanned in 00mn 00s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersClementAppDataLocalGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
    G2 – GCE: Preference [User DataDefault] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
    G2 – GCE: Preference [User DataDefault] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [onhbegdkgonhlokobjefolhpoidcnida] Synology Download Station v.2.1.7, (Activé)
    G2 – GCE: Preference [User DataDefault] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

    —\ Liste des dossiers d'extension Google Chrome
    ~ Google Lines Browser: 25 Legitimates Filtered in 00mn 05s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    R5 – HKLMSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hôte est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: (no name) – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
    O3 – Toolbar: (no name) – [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [ProfilerU] . (.Saitek – Saitek SST Profile Launcher.) — C:Program FilesSaitekSD6SoftwareProfilerU.exe
    O4 – HKLM..Run: [NvBackend] . (.NVIDIA Corporation – NVIDIA GeForce Experience Backend.) — C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe
    O4 – HKLM..Run: [ShadowPlay] . (.NVIDIA Corporation – NVIDIA Capture Server Proxy.) — C:Windowssystem32nvspcap64.dll
    O4 – HKCU..Run: [GoogleChromeAutoLaunch_9E929130E8EBB2E1654F3E39F9DE2EFB] . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O4 – HKLM..Wow6432NodeRun: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUS.DEFAULT..RunOnce: [SPReview] . (.Microsoft Corporation – SP Reviewer.) — C:WindowsSystem32SPReviewSPReview.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-18..RunOnce: [SPReview] . (.Microsoft Corporation – SP Reviewer.) — C:WindowsSystem32SPReviewSPReview.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-825608802-4289994647-314183835-1000..Run: [GoogleChromeAutoLaunch_9E929130E8EBB2E1654F3E39F9DE2EFB] . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    ~ Application: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
    O17 – HKLMSystemCCSServicesTcpip..{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
    O17 – HKLMSystemCS1ServicesTcpip..{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
    O17 – HKLMSystemCS1ServicesTcpip..{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
    O17 – HKLMSystemCS2ServicesTcpip..{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
    O17 – HKLMSystemCS2ServicesTcpip..{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 212.27.40.241 212.27.40.240
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
    O18 – Filter: text/xml [64Bits] – {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE15MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: ASGT (ASGT) . (…) – C:WindowsSysWOW64ASGT.exe
    O23 – Service: NO-IP DUC v4 (NoIPDUCService4) . (.Pas de propriétaire – ducservice.) – C:Program Files (x86)No-IPducservice.exe
    ~ Services: 18 Legitimates Filtered in 00mn 05s

    —\ Tâches planifiées en automatique (O39)
    [MD5.D4F602B1F775B5827932D3C5B04A3FD2] [APT] [AutoKMS] (…) — C:WindowsAutoKMSAutoKMS.exe [3372032] =>Trojan.AutoKMS
    [MD5.AB6CE6F1827345453030E09533BD744B] [APT] [ASUS DIPAwayMode] (…) — C:Program Files (x86)ASUSAI Suite IIIDIP4DIPAwayModeDipAwayMode.exe [1218360]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1066]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1070]
    ~ Scheduled Task: 16 Legitimates Filtered in 00mn 01s

    —\ Pilotes lancés au démarrage du système (O41)
    O41 – Driver: (ndisrd) . (.NT Kernel Resources – NDISRD helper driver.) – C:WindowsSystem32DRIVERSndisrd.sys
    ~ Drivers: 87 Legitimates Filtered in 00mn 00s

    —\ Logiciels installés (O42)
    O42 – Logiciel: Le Chercheur de Mots 1.0.49 – (…) [HKLM][64Bits] — Le Chercheur de Mots_is1
    ~ Logic: 23 Legitimates Filtered in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareAdsFix]
    [HKLMSoftwareAdsFix]
    [HKLMSoftwareRespawn]
    [HKLMSoftwareWow6432NodeAdsFix]
    [HKLMSoftwareWow6432NodeRespawn]
    [HKLMSoftwareWow6432NodeSOSVirus]
    [HKLMSoftwarejumpshot.com]
    ~ Key Software: 267 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 09/04/2014 – 13:21:32 – [] —-D C:Program Files (x86)ImageWriter
    O43 – CFD: 10/03/2014 – 15:23:03 – [] —-D C:UsersClementAppDataRoamingcom.spiderneo.junglertimer
    O43 – CFD: 17/08/2014 – 15:23:42 – [0] —-D C:UsersClementAppDataRoamingStore =>PUP.Nosibay
    ~ Program Folder: 174 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.BABA8E4A8F084AA69862473513768F43] – 15/08/2014 – 01:37:47 —A- . (…) — C:WindowsDirectX.log [18549]
    O44 – LFC:[MD5.52D131C5E63A93C135F0067DCA43A8CF] – 17/08/2014 – 23:08:20 —A- . (…) — C:AdsFix_18_08_2014_00_08_20.txt [30815]
    ~ Files: 91 Legitimates Filtered in 00mn 01s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{724d44d4-dba5-11e3-9f44-74d02b9f0221}AutoRuncommand. (…) — G:Startme.exe (.not file.)
    O51 – MPSK:{ba83cb47-a14d-11e3-a996-806e6f6e6963}AutoRuncommand. (…) — D:.BinASSETUP.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregNoIPDUCv4 [Key] . (.Pas de propriétaire – DUC40.) — C:Program Files (x86)No-IPDUC40.exe
    O53 – SMSR:HKLM…startupregOODefragTray [Key] . (…) — C:Program FilesOO SoftwareDefragoodtray.exe (.not file.)
    ~ SMSR Keys: 13 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableLUA”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “PromptOnSecureDesktop”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 17 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:23/07/2014 – 10:40:54 —A- . (…) — C:WindowsSystem32DriversaswHwid.sys [29208] =>.ALWIL Software
    O58 – SDL:23/07/2014 – 10:40:54 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65776] =>.ALWIL Software
    O58 – SDL:23/07/2014 – 10:40:55 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [224896] =>.ALWIL Software
    O58 – SDL:03/08/2012 – 10:36:52 —A- . (.Windows (R) Win 7 DDK provider – Synology Virtual USB Hub.) — C:WindowsSystem32Driversbusenum.sys [55776]
    O58 – SDL:14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:07/02/2013 – 09:31:14 R–A- . (.NT Kernel Resources – NDISRD helper driver.) — C:WindowsSystem32Driversndisrd.sys [32840]
    O58 – SDL:19/04/2013 – 03:56:48 —A- . (…) — C:WindowsSystem32Driversnvflash.sys [15648]
    O58 – SDL:14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    O58 – SDL:22/08/2013 – 13:40:24 —A- . (.The OpenVPN Project – TAP-Windows Virtual Network Driver.) — C:WindowsSystem32Driverstap0901.sys [40664]
    O58 – SDL:29/11/2013 – 09:31:28 —A- . (…) — C:WindowsSystem32ampa.sys [17008]
    O58 – SDL:21/08/2012 – 19:54:10 R–A- . (…) — C:WindowsSysWOW64driversAsIO.sys [15232]
    O58 – SDL:14/09/2012 – 03:06:23 R–A- . (…) — C:WindowsSysWOW64driversAsUpIO.sys [14464]
    O58 – SDL:02/04/2009 – 13:30:14 —A- . (…) — C:WindowsSysWOW64driversASUSHWIO.SYS [10296]
    O58 – SDL:29/11/2013 – 09:31:28 —A- . (…) — C:WindowsSysWOW64ampa.sys [17008]
    ~ Drivers: 93 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 17/08/2014 – 00:14:52 —A- . (…) — C:UsersClementDesktopAdsFix.exe [2894848]
    ~ 6 Fichiers temporaires (Temporary files)
    ~ 2 Fichiers cookies (Cookies files)
    ~ Files: 8 Legitimates Filtered in 00mn 00s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.nethttp://www.sosvirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 23/07/2014 – C:Windowssystem32driversaswHwid.sys (aswHwid) .(…) – LEGACY_ASWHWID
    ~ Legacy: 94 Legitimates Filtered in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.D7B4BFF00B1F6D2387F5A720943FB6A8] [SPRF][17/08/2014] (.Pas de propriétaire – Ads Cleaner.) — C:UsersClementDesktopAdsFix.exe [2894848]
    ~ Files: 1 Legitimates Filtered in 00mn 00s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “{50E86DB5-872C-48A7-8ED7-31F6D6542D29}” | In – None – P6 – TRUE | .(.BitTorrent Inc. – µTorrent.) — F:Downloadstorrent_3-4-build-30635_fr_18245.exe =>P2P.BitTorrent
    O87 – FAEL: “{FAD57A23-6B11-4E3A-BF15-804B187825AB}” | In – None – P17 – TRUE | .(.BitTorrent Inc. – µTorrent.) — F:Downloadstorrent_3-4-build-30635_fr_18245.exe =>P2P.BitTorrent
    O87 – FAEL: “{AEEDCC9F-2ADC-4CA4-873A-C41FE8FA58D4}” | In – None – P6 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersClementAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O87 – FAEL: “{F2D83A52-5F3D-4695-A3BA-32E4EB1C18EE}” | In – None – P17 – TRUE | .(.BitTorrent Inc. – µTorrent.) — C:UsersClementAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    ~ Firewall: 4 Legitimates Filtered in 00mn 00s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Disabled 02/03/2014 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Disabled 02/03/2014 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 02/01/2013 171632 | (ICCS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Integrated Clock Controller ServiceICCProxy.exe
    SS – | Demand 27/08/2013 828376 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) – C:Program FilesInteliCLS ClientSocketHeciServer.exe
    SS – | Demand 29/05/2014 543424 | (Steam Client Service) . (.Valve Corporation.) – C:Program Files (x86)Common FilesSteamSteamService.exe
    SR – | Auto 07/05/2013 936728 | (asComSvc) . (…) – C:Program Files (x86)ASUSAXSP1.01.02atkexComSvc.exe
    SR – | Auto 17/01/2012 55296 | (ASGT) . (…) – C:WindowsSysWOW64ASGT.exe
    SR – | Auto 07/05/2013 945152 | (asHmComSvc) . (.ASUSTeK Computer Inc..) – C:Program Files (x86)ASUSAAHM1.00.22aaHMSvc.exe
    SR – | Auto 09/05/2013 1639424 | (AsusFanControlService) . (.ASUSTeK Computer Inc..) – C:Program Files (x86)ASUSAsusFanControlService1.02.22AsusFanControlService.exe
    SR – | Auto 23/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    SR – | Auto 21/11/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program FilesIntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    SR – | Auto 27/08/2013 747520 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) – C:Program FilesInteliCLS ClientHeciServer.exe
    SR – | Auto 10/12/2013 169432 | (jhi_service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe
    SR – | Auto 10/12/2013 390616 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 24/02/2014 2818888 | (MaConfigAgent) . (.CybelSoft.) – C:Program Filesma-config.comMaConfigAgent.exe
    SR – | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe
    SR – | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe
    SR – | Auto 06/02/2014 10752 | (NoIPDUCService4) . (…) – C:Program Files (x86)No-IPducservice.exe
    SR – | Auto 25/07/2014 1720608 | (NvNetworkService) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe
    SR – | Auto 25/07/2014 18956064 | (NvStreamSvc) . (.NVIDIA Corporation.) – C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamsvc.exe
    SR – | Auto 02/07/2014 935368 | (nvsvc) . (.NVIDIA Corporation.) – C:Windowssystem32nvvsvc.exe
    SR – | Auto 02/07/2014 411936 | (Stereo Service) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe
    SR – | Auto 23/01/2014 248736 | (UsbClientService) . (…) – C:Program Files (x86)SynologyAssistantUsbClientService.exe
    SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 03s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Run by Clement at 18/08/2014 00:15:30
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Clement at 18/08/2014 00:15:32
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13026 – (16/08/2014)
    Clés trouvées (Keys found) : 0
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 1
    Fichiers trouvés (Files found) : 1

    C:UsersClementAppDataRoamingStore =>PUP.Nosibay^
    C:WindowsAutoKMSAutoKMS.exe =>Trojan.AutoKMS^
    ~ Additionnel Scan: 195396 Items scanned in 00mn 09s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
    ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
    ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
    ~ AMI: 5 Legitimates Filtered in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.fr/trojan-autokms =>Trojan.AutoKMS
    ~ MSI: 1 link(s) detected in 00mn 00s

    ~ 904 Legitimates filtered by white list
    End of the scan (469 lines in 01mn 12s)(0)[/spoiler:237zzlm7]

  • buckhulk
    Participant
    Number of posts: 2391

    Right, you have Java to update, but after the script, OK??
    Java Update 67

    • Select and copy the following script:

      Script ZHPFix
      ShortcutFix
      Java 7 Update 55 => Oracle
      O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline => Toolbar.Avast
      O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Clé orpheline => Orphean Key not necessary
      [MD5.D4F602B1F775B5827932D3C5B04A3FD2] [APT] [AutoKMS] (...) -- C:WindowsAutoKMSAutoKMS.exe [3372032] =>Trojan.AutoKMS
      O41 - Driver: (ndisrd) . (.NT Kernel Resources - NDISRD helper driver.) - C:WindowsSystem32DRIVERSndisrd.sys
      O43 - CFD: 17/08/2014 - 15:23:42 - [0] ----D C:UsersClementAppDataRoamingStore =>PUP.Nosibay
      O51 - MPSK:{724d44d4-dba5-11e3-9f44-74d02b9f0221}AutoRuncommand. (...) -- G:Startme.exe (.not file.) => Fichier absent
      O51 - MPSK:{ba83cb47-a14d-11e3-a996-806e6f6e6963}AutoRuncommand. (...) -- D:.BinASSETUP.exe (.not file.) => Fichier absent
      O58 - SDL:07/02/2013 - 09:31:14 R--A- . (.NT Kernel Resources - NDISRD helper driver.) -- C:WindowsSystem32Driversndisrd.sys [32840]
      O87 - FAEL: "{50E86DB5-872C-48A7-8ED7-31F6D6542D29}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- F:Downloadstorrent_3-4-build-30635_fr_18245.exe =>P2P.BitTorrent
      O87 - FAEL: "{FAD57A23-6B11-4E3A-BF15-804B187825AB}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- F:Downloadstorrent_3-4-build-30635_fr_18245.exe =>P2P.BitTorrent
      O87 - FAEL: "{AEEDCC9F-2ADC-4CA4-873A-C41FE8FA58D4}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:UsersClementAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
      O87 - FAEL: "{F2D83A52-5F3D-4695-A3BA-32E4EB1C18EE}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:UsersClementAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
      C:UsersClementAppDataRoamingStore =>PUP.Nosibay^
      C:WindowsAutoKMSAutoKMS.exe =>Trojan.AutoKMS^
      ProxyFix
      EmptyPrefetch
      EmptyFlash
      SysRestore
      FirewallRAZ
      EmptyTemp

    • Launch ZHPFix (run as administrator on Windows 7/8 and Vista)

      1. Click Import
      2. The lines copied earlier should be pasted into the box
      3. If so, click “GO”



    • Confirm the data clean-up by clicking “Yes”
    • Once the scan has finished, go to the desktop; the ZHPFixReport file has been created.
    • Host the ZHPFixReport report on SosUpload, then copy/paste the link provided into your next reply.

    see you in a moment then…. 😉

  • klem1
    Participant
    Number of posts: 25

    Here it is [spoiler:2dxuvq7p]Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
    Fichier d'export Registre :
    Run by Clement at 18/08/2014 00:35:52
    High Elevated Privileges : OK
    Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)

    Corbeille vidée (00mn 28s)
    Dossier Prefetcher vidé
    Réparation des raccourcis navigateur

    ========== Processus mémoire ==========
    SUPPRIMÉ: Memory Process: C:WindowsAutoKMSAutoKMS.exe

    ========== Clés du Registre ==========
    SUPPRIMÉ Driver Key: ndisrd
    SUPPRIMÉ CLSID MPSK: {724d44d4-dba5-11e3-9f44-74d02b9f0221}
    SUPPRIMÉ CLSID MPSK: {ba83cb47-a14d-11e3-a996-806e6f6e6963}

    ========== Valeurs du Registre ==========
    SUPPRIMÉ: Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
    SUPPRIMÉ: Toolbar: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
    SUPPRIMÉ: {50E86DB5-872C-48A7-8ED7-31F6D6542D29}
    SUPPRIMÉ: {FAD57A23-6B11-4E3A-BF15-804B187825AB}
    SUPPRIMÉ: {AEEDCC9F-2ADC-4CA4-873A-C41FE8FA58D4}
    SUPPRIMÉ: {F2D83A52-5F3D-4695-A3BA-32E4EB1C18EE}
    ProxyFix : Configuration proxy supprimée avec succès
    SUPPRIMÉ ProxyServer Value
    SUPPRIMÉ ProxyEnable Value
    SUPPRIMÉ EnableHttp1_1 Value
    SUPPRIMÉ ProxyHttp1.1 Value
    SUPPRIMÉ ProxyOverride Value
    Aucune Valeur Standard Profile: FirewallRaz :
    Aucune Valeur Domain Profile: FirewallRaz :
    SUPPRIMÉ: FirewallRaz (Private) : {63D0196C-F7E7-4A49-B63F-A6AF03C7A3B7}
    SUPPRIMÉ: FirewallRaz (Private) : {555BA80A-7C9B-4549-B399-BC9746FFB0D0}
    SUPPRIMÉ: FirewallRaz (Public) : {4A0ECC62-3710-42E9-A84E-D30485404462}
    SUPPRIMÉ: FirewallRaz (Public) : {F6ECB65F-3636-4A75-9A63-CDBE4C3D0ADE}
    SUPPRIMÉ: FirewallRaz (Private) : TCP Query User{74BFED55-4936-47B0-8B47-AD6A380BE3B2}C:usersclementappdatalocaltemprar$exa0.376mratio4.5mratio.exe
    SUPPRIMÉ: FirewallRaz (Private) : UDP Query User{193F1CDD-3065-4AD3-AB26-E3A578B4BD71}C:usersclementappdatalocaltemprar$exa0.376mratio4.5mratio.exe
    SUPPRIMÉ: FirewallRaz (Public) : {7B05CC90-5C19-4FF3-9A81-99CEC1D38E5E}
    SUPPRIMÉ: FirewallRaz (Public) : {B848FBB1-DE59-471A-9FDC-4D1832403E35}
    SUPPRIMÉ: FirewallRaz (Private) : TCP Query User{261C0953-3248-40A9-B91C-6475034013CE}C:usersclementappdatalocaltemprar$exa0.626mratio4.5mratio.exe
    SUPPRIMÉ: FirewallRaz (Private) : UDP Query User{AB14EE43-4764-4F3C-AC78-73B2CF5261EB}C:usersclementappdatalocaltemprar$exa0.626mratio4.5mratio.exe
    SUPPRIMÉ: FirewallRaz (Public) : {ABE6F577-4FAB-4ACB-8838-E1F13773F187}
    SUPPRIMÉ: FirewallRaz (Public) : {0C635356-7C15-4332-A64E-1FFA4277EA70}

    ========== Dossiers ==========
    SUPPRIMÉ: C:UsersClementAppDataRoamingStore
    SUPPRIMÉS Flash Cookies (0)
    SUPPRIMÉS Temporaires Windows (5)

    ========== Fichiers ==========
    SUPPRIMÉ Redémarrage: c:windowssystem32driversndisrd.sys
    SUPPRIMÉS Flash Cookies (0) (0 octets)
    SUPPRIMÉS Temporaires Windows (4) (403 927 octets)

    ========== Tache planifiée ==========
    SUPPRIMÉ: AutoKMS
    SUPPRIMÉ: AutoKMS

    ========== Restauration Système ==========
    Point de restauration du système créé avec succès

    ========== Autre ==========
    NON TRAITÉ Java 7 Update 55

    ========== Récapitulatif ==========
    1 : Processus mémoire
    3 : Clés du Registre
    26 : Valeurs du Registre
    3 : Dossiers
    3 : Fichiers
    2 : Tache planifiée
    1 : Restauration Système
    1 : Autre

    End of clean in 00mn 35s

    ========== Chemin de fichier rapport ==========
    C:UsersClementAppDataRoamingZHPZHPFix[R1].txt – 18/08/2014 00:36:21 [3344][/spoiler:2dxuvq7p]

  • buckhulk
    Participant
    Number of posts: 2391

    and how are things now??

  • klem1
    Participant
    Number of posts: 25

    Good, I no longer have the bug. But on the other hand I no longer have internet, no way to connect. It's as if my Ethernet cable were dead, which is not the case. I tried reinstalling the network card drivers from the motherboard CD but that changes nothing.

    I also no longer have any LEDs lighting up on the Ethernet port ..

  • klem1
    Participant
    Number of posts: 25

    It may be a driver problem. But I went to ma-config.com, I ran an offline analysis… I downloaded the latest driver for my network card. And even on the site it said that, basically, my network card driver had problems.
    I installed the driver but nothing helps.

  • klem1
    Participant
    Number of posts: 25

    On ma-config.com they tell me “The installed driver is not working correctly.”

    Is my network card dead?

  • buckhulk
    Participant
    Number of posts: 2391
    On ma-config.com they tell me "The installed driver is not working correctly."

    Is my network card dead?

    and in Device Manager, do you have a yellow triangle?

    if so, there may be a driver issue, but I don't think it has anything to do with the disinfection!

  • klem1
    Participant
    Number of posts: 25

    no, no yellow triangle.

    Well, I don't know, how can I tell whether my network card is really dead?

  • klem1
    Participant
    Number of posts: 25

    Well now, as if by magic, everything is back to normal, I don't even know how. Anyway, to come back to the virus.

    When I run a ‘Hyper’ scan with Malwarebytes it finds this [spoiler:27s77s38]Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Date de l'examen: 18/08/2014
    Heure de l'examen: 16:02:03
    Fichier journal:
    Administrateur: Oui

    Version: 2.00.2.1012
    Base de données Malveillants: v2014.08.17.06
    Base de données Rootkits: v2014.08.16.01
    Licence: Premium
    Protection contre les malveillants: Activé(e)
    Protection contre les sites Web malveillants: Activé(e)
    Self-protection: Désactivé(e)

    Système d'exploitation: Windows 7 Service Pack 1
    Processeur: x64
    Système de fichiers: NTFS
    Utilisateur: Clement

    Type d'examen: Examen “Hyper”
    Résultat: Terminé
    Objets analysés: 244156
    Temps écoulé: 0 min, 57 sec

    Mémoire: Activé(e)
    Démarrage: Activé(e)
    Système de fichiers: Désactivé(e)
    Archives: Activé(e)
    Rootkits: Activé(e)
    Heuristics: Activé(e)
    PUP: Activé(e)
    PUM: Activé(e)

    Processus: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Clés du Registre: 0
    (No malicious items detected)

    Valeurs du Registre: 0
    (No malicious items detected)

    Données du Registre: 0
    (No malicious items detected)

    Dossiers: 0
    (No malicious items detected)

    Fichiers: 1
    PUP.Optional.IStartSurf.A, C:UsersClementAppDataLocalGoogleChromeUser DataDefaultPreferences, Bon: (), Mauvais: ( “startup_urls”: [ “https://www.google.fr/”, “http://www.google.com”, “http://www.istartsurf.com/?type=hp&ts=1408281240&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K”, “http://www.istartsurf.com/?type=hp&ts=1408281398&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ANNSADB86446K” ],), ,[7ec9efd891eacc6a170731d3fe0751af]

    Secteurs physiques: 0
    (No malicious items detected)

    (end)[/spoiler:27s77s38]

    I put it in quarantine. But how do you delete a file with Malwarebytes, because the only actions available are:
    – Quarantine
    – Add an exclusion
    – Ignore once

  • buckhulk
    Participant
    Number of posts: 2391
    Well now, as if by magic, everything is back to normal, I don't even know how. Anyway, to come back to the virus.

    often a restart of the computer is all it takes for the “new things” such as the disinfections to take effect!

    I put it in quarantine. But how do you delete a file with Malwarebytes, because the only actions available are:

    In quarantine the file is disabled; you then just have to empty the quarantine ….

    :bravo1: ^^

    So that's it:
    you need to run Delfix now:
    Delfix

    Delfix has changed and become more capable!

    1 – Download DelFix to your desktop HERE

    2 – You can tick the box “re-enable UAC if it was disabled”!

    the box “remove disinfection tools” is ticked by default!

    3 – you can tick the box “make a registry backup”! (in case there is a problem)
    4 – you can tick the box “purge system restore”: all the old restore points will be deleted and a new “clean” one will be created!
    5 – finally click: Run

    PS: If this is in the middle of a disinfection, or if nothing is specified, run it as it is configured!

    then:


    Have a good evening … :bye:

  • klem1
    Participant
    Number of posts: 25

    Thanks for your help. You got me out of a real mess.

    And by the way, if you ever have a moment to spare for me, I'd like you to explain what the programs you had me use actually do, and how you managed to solve the problem.

    :merci2: :merci2: :merci2:

    PS: All this because I forgot to untick an ! ad during the installation of a program …

  • buckhulk
    Participant
    Number of posts: 2391
    PS: All this because I forgot to untick an ! ad during the installation of a program ...

    Not only that ……but yes …..

    if you want to learn, a training course is opening here on sos ….!

    you can sign up: http://virusformation.com/

    :bye: ^^

  • klem1
    Participant
    Number of posts: 25

    Not only that ……but yes ….

    Meaning?

    Ah yes, why not. :merci2:

  • buckhulk
    Participant
    Number of posts: 2391
    Not only that ......but yes ....

    Meaning?

    it's a bit long to explain, the simplest thing is to sign up….

  • klem1
    Participant
    Number of posts: 25

    OK chief :merci2:

  • klem1
    Participant
    Number of posts: 25

    To be deleted

  • The topic ‘Virus impossible à supprimer.’ is closed to new replies.