Reply to: Virus impossible to remove. 2016-09-08T13:58:12+00:00
klem1
Participant
Post count: 25

DelFix
# DelFix v10.8 - Report created on 17/08/2014 at 23:27:12
# Updated on 29/07/2014 by Xplode
# User name: Clement - CLEMENT-PC
# Operating system: Windows 7 Professional Service Pack 1 (64-bit)

~ Removing disinfection tools ...

Deleted: C:\Users\Clement\AppData\Roaming\ZHP
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Deleted: C:\Program Files (x86)\ZHPDiag
Deleted: C:\PhysicalDisk0_MBR.bin
Deleted: C:\Users\Clement\Desktop\ZHPDiag.lnk
Deleted: C:\Users\Clement\Desktop\ZHPDiag.txt
Deleted: C:\Users\Clement\Desktop\ZHPFix.lnk
Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

########## - EOF - ##########

ZHPDiag
~ ZHPDiag report v2014.8.16.119 - Nicolas Coolman (16/08/2014)
~ Run by Clement (17/08/2014 23:28:03)
~ Website address: http://nicolascoolman.fr
~ Forum address: http://forum.nicolascoolman.fr
~ Translated by Nicolas Coolman
~ Version status: Up to date.
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Activated by user

---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17207
GCIE: Google Chrome v36.0.1985.125 (Default)

---\\ Windows product information
~ Language: French
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, VOLUME_KMSCLIENT channel
Windows ID Activation : OK
~ Windows Partial Key : GPDD4
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware version 2.0.2.1012
Windows Defender W7 (Activate)

---\\ System optimization software
CCleaner v4.12

---\\ Peer-to-peer sharing software

---\\ Software monitoring
Java 7 Update 55

---\\ System information
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8130 MB (69% free)
System Restore: Enabled
System drive C: has 42 GB (39%) free of 107 GB

---\\ System logon mode
~ Computer Name: CLEMENT-PC
~ User Name: Clement
~ All Users Names: Clement, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Clement\AppData\Roaming\ZHP
~ %AppData% : C:\Users\Clement\AppData\Roaming
~ %Desktop% : C:\Users\Clement\Desktop
~ %Favorites% : C:\Users\Clement\Favorites
~ %LocalAppData% : C:\Users\Clement\AppData\Local
~ %StartMenu% : C:\Users\Clement\AppData\Roaming\Microsoft\Windows\Start Menu
~ %Windir% : C:\Windows
~ %System% : C:\Windows\System32

---\\ Enumeration of disk drives
C: Hard drive, Flash drive, Thumb drive (Free 42 GB of 107 GB)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 0 GB of 0 GB)
F: Hard drive, Flash drive, Thumb drive (Free 519 GB of 977 GB)
J: Hard drive, Flash drive, Thumb drive (Free 302 GB of 443 GB)
P: Hard drive, Flash drive, Thumb drive (Free 419 GB of 443 GB)

---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Specific search for generic files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Internet Extensions for Win32.) (.18/06/2014 - 23:58:27.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Windows Logon Application.) (.04/03/2014 - 10:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.BC204AB3FBC84E419DBC486E3CC5CE94] - (.Microsoft Corporation - License Library.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT File System Driver.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.25/02/2011 - 07:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files status (Hidden/Total)
~ My Favorites: 1/24
~ My Documents: 2/36
~ My Desktop: 1/38
~ Start Menu (Programs): 1/40
~ Hidden Files: Scanned in 00mn 00s

---\\ Running processes
[MD5.AB6CE6F1827345453030E09533BD744B] - (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1218360] [PID.2096]
[MD5.94626EA1B95A54444B950759BE5679E7] - (.ASUSTeK Computer Inc. - No description.) -- C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [1389368] [PID.2104]
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.2588]
[MD5.C56AEF21A76A6E2BB36A384B2C96389F] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104] [PID.4560]
[MD5.ADDF1D80161DA7C5FB9D725EED986655] - (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe [1221432] [PID.4988]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.5500]
[MD5.AAA77701508F8AD3585461E67BE40AF2] - (.Samsung Electronics. - Samsung Magician Application.) -- P:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [4737440] [PID.5936]
[MD5.26B558B2D31C7425B455B00E562EAD93] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [4085896] [PID.5996]
[MD5.6F815EE8023E715353C4D9F88F75D2B6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8092160] [PID.3368]
[MD5.D2230317777033CD0456990BFC4994E5] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [411936] [PID.1016]
[MD5.73F5C13B431915BAE35254B4E95DFB71] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1516]
[MD5.BBF8F831C7720DD5135D8C4C8325187A] - (...) -- C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728] [PID.1432]
[MD5.E536856E96A7605EBF580D62A868E5FE] - (...) -- C:\Windows\SysWOW64\ASGT.exe [55296] [PID.2228]
[MD5.893481D570E97CED36EC7EBD56ADBF24] - (.ASUSTeK Computer Inc. - No description.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [945152] [PID.2248]
[MD5.7683F046E48265C83E40EB3D4492E78E] - (.ASUSTeK Computer Inc. - ASUS Motherboard Fan Control Service.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe [1639424] [PID.2284]
[MD5.D84AEA3F3329D622DFC1297DDDF6163B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.2868]
[MD5.4F45ED469906494F9BF754E476390DBD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472] [PID.2532]
[MD5.D0F743BD1F8E402E4A52D83574828AC2] - (.No owner - ducservice.) -- C:\Program Files (x86)\No-IP\ducservice.exe [10752] [PID.2776]
[MD5.D6310F79E51D1F997E964E81DD368AEA] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608] [PID.2384]
[MD5.635686E528F2C9CB916EC1BB04EE6AD1] - (...) -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736] [PID.3092]
[MD5.6241810294275CEA59EBA9733080E5EE] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720] [PID.5424]
[MD5.52069AEB42D3D0F97CBCA1085EBF55E6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432] [PID.6564]
[MD5.8939CBB2526CB87C476DB9ABBF243AE0] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [390616] [PID.5708]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\Clement\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Enabled)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Enabled)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Enabled)
G2 - GCE: Preference [User Data\Default] [onhbegdkgonhlokobjefolhpoidcnida] Synology Download Station v.2.1.7, (Enabled)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Enabled)

---\\ List of Google Chrome extension folders
~ Google Lines Browser: 24 Legitimates Filtered in 00mn 05s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ Proxy management: Scanned in 00mn 00s

---\\ Analysis of lines F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphan key
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Orphan key
~ Toolbar: Scanned in 00mn 00s

---\\ Applications started at system startup (O4)
O4 - HKLM\..\Run: [ProfilerU] . (.Saitek - Saitek SST Profile Launcher.) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_9E929130E8EBB2E1654F3E39F9DE2EFB] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-825608802-4289994647-314183835-1000\..\Run: [GoogleChromeAutoLaunch_9E929130E8EBB2E1654F3E39F9DE2EFB] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s

---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{612850A9-2EF8-4CFB-8F80-9F3A70CB5786}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{A203F6FA-8877-46A6-8152-30358027D010}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Domain: Scanned in 00mn 00s

---\\ Additional protocol (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional protocol: Scanned in 00mn 00s

---\\ List of non-Microsoft, non-disabled NT services (O23)
O23 - Service: ASGT (ASGT) . (...) - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: NO-IP DUC v4 (NoIPDUCService4) . (.No owner - ducservice.) - C:\Program Files (x86)\No-IP\ducservice.exe
~ Services: 18 Legitimates Filtered in 00mn 05s

---\\ Automatic scheduled tasks (O39)
[MD5.D4F602B1F775B5827932D3C5B04A3FD2] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [3372032] =>Trojan.AutoKMS
[MD5.AB6CE6F1827345453030E09533BD744B] [APT] [ASUS DIPAwayMode] (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1218360]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 01s

---\\ Drivers started at system boot (O41)
O41 - Driver: (ndisrd) . (.NT Kernel Resources - NDISRD helper driver.) - C:\Windows\System32\DRIVERS\ndisrd.sys
~ Drivers: 87 Legitimates Filtered in 00mn 00s

---\\ Installed software (O42)
O42 - Software: Le Chercheur de Mots 1.0.49 - (...) [HKLM][64Bits] -- Le Chercheur de Mots_is1
~ Logic: 23 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKLM\Software\Respawn]
[HKLM\Software\Wow6432Node\Respawn]
[HKLM\Software\jumpshot.com]
~ Key Software: 259 Legitimates Filtered in 00mn 00s

---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 09/04/2014 - 13:21:32 - [] ----D C:\Program Files (x86)\ImageWriter
O43 - CFD: 10/03/2014 - 15:23:03 - [] ----D C:\Users\Clement\AppData\Roaming\com.spiderneo.junglertimer
O43 - CFD: 17/08/2014 - 15:23:42 - [0] ----D C:\Users\Clement\AppData\Roaming\Store =>PUP.Nosibay
~ Program Folder: 174 Legitimates Filtered in 00mn 00s

---\\ Last files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.BABA8E4A8F084AA69862473513768F43] - 15/08/2014 - 01:37:47 ---A- . (...) -- C:\Windows\DirectX.log [18549]
O44 - LFC:[MD5.015DABC37D498783F67BF2D830B8B713] - 17/08/2014 - 22:27:12 ---A- . (...) -- C:\DelFix.txt [724]
~ Files: 91 Legitimates Filtered in 00mn 00s

---\\ MountPoints2 Shell registry key (MPKS) (O51)
O51 - MPSK:{724d44d4-dba5-11e3-9f44-74d02b9f0221}\AutoRun\command. (...) -- G:\Startme.exe (.not file.)
O51 - MPSK:{ba83cb47-a14d-11e3-a996-806e6f6e6963}\AutoRun\command. (...) -- D:\.\Bin\ASSETUP.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Enumeration of StartupReg registry keys (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\NoIPDUCv4 [Key] . (.No owner - DUC40.) -- C:\Program Files (x86)\No-IP\DUC40.exe
O53 - SMSR:HKLM\...\startupreg\OODefragTray [Key] . (...) -- C:\Program Files\OO Software\Defrag\oodtray.exe (.not file.)
~ SMSR Keys: 14 Legitimates Filtered in 00mn 00s

---\\ Enumeration of Policies\System registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Enumeration of Policies\Explorer registry keys (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

---\\ List of system drivers (SDL) (O58)
O58 - SDL:23/07/2014 - 10:40:54 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:23/07/2014 - 10:40:54 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:23/07/2014 - 10:40:55 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [224896] =>.ALWIL Software
O58 - SDL:03/08/2012 - 10:36:52 ---A- . (.Windows (R) Win 7 DDK provider - Synology Virtual USB Hub.) -- C:\Windows\System32\Drivers\busenum.sys [55776]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:07/02/2013 - 09:31:14 R--A- . (.NT Kernel Resources - NDISRD helper driver.) -- C:\Windows\System32\Drivers\ndisrd.sys [32840]
O58 - SDL:19/04/2013 - 03:56:48 ---A- . (...) -- C:\Windows\System32\Drivers\nvflash.sys [15648]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:22/08/2013 - 13:40:24 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40664]
O58 - SDL:29/11/2013 - 09:31:28 ---A- . (...) -- C:\Windows\System32\ampa.sys [17008]
O58 - SDL:21/08/2012 - 19:54:10 R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [15232]
O58 - SDL:14/09/2012 - 03:06:23 R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsUpIO.sys [14464]
O58 - SDL:02/04/2009 - 13:30:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
O58 - SDL:29/11/2013 - 09:31:28 ---A- . (...) -- C:\Windows\SysWOW64\ampa.sys [17008]
~ Drivers: 93 Legitimates Filtered in 00mn 00s

---\\ List of disinfection tools (LATC) (O63)
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ List of legacy services in the registry (LALS) (O64)
O64 - Services: CurCS - 23/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 93 Legitimates Filtered in 00mn 00s

---\\ Shell Spawning associations (O67)
O67 - Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search for browser infections (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ List of firewall exceptions (FirewallRules) (O87)
O87 - FAEL: "{50E86DB5-872C-48A7-8ED7-31F6D6542D29}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- F:\Downloads\torrent_3-4-build-30635_fr_18245.exe =>P2P.BitTorrent
O87 - FAEL: "{FAD57A23-6B11-4E3A-BF15-804B187825AB}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- F:\Downloads\torrent_3-4-build-30635_fr_18245.exe =>P2P.BitTorrent
O87 - FAEL: "{AEEDCC9F-2ADC-4CA4-873A-C41FE8FA58D4}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Clement\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{F2D83A52-5F3D-4695-A3BA-32E4EB1C18EE}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Clement\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 00s

---\\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 02/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 02/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/01/2013 171632 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SS - | Demand 27/08/2013 828376 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 29/05/2014 543424 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 07/05/2013 936728 | (asComSvc) . (...) - C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
SR - | Auto 17/01/2012 55296 | (ASGT) . (...) - C:\Windows\SysWOW64\ASGT.exe
SR - | Auto 07/05/2013 945152 | (asHmComSvc) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
SR - | Auto 09/05/2013 1639424 | (AsusFanControlService) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe
SR - | Auto 23/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 21/11/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 27/08/2013 747520 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 10/12/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 10/12/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 24/02/2014 2818888 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 06/02/2014 10752 | (NoIPDUCService4) . (...) - C:\Program Files (x86)\No-IP\ducservice.exe
SR - | Auto 25/07/2014 1720608 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 25/07/2014 18956064 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 02/07/2014 935368 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 02/07/2014 411936 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 23/01/2014 248736 | (UsbClientService) . (...) - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 03s

---\\ Search for Master Boot Record infection (MBR)(O80)
Run by Clement at 17/08/2014 23:28:51
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Search for Master Boot Record infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Clement at 17/08/2014 23:28:53
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\\ Additional scan (O88)
Database Version : 13026 - (16/08/2014)
Keys found: 0
Values found: 0
Folders found: 1
Files found: 1

C:\Users\Clement\AppData\Roaming\Store =>PUP.Nosibay^
C:\Windows\AutoKMS\AutoKMS.exe =>Trojan.AutoKMS^
~ Additional Scan: 196869 Items scanned in 00mn 09s

---\\ Additional information on modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Startup, Search, Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications started at system startup (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.MountPoints2 Shell registry key (MPKS) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s

---\\ Summary of detections found on your machine
http://nicolascoolman.fr/trojan-autokms =>Trojan.AutoKMS
~ MSI: 1 link(s) detected in 00mn 00s

~ 892 Legitimates filtered by white list
End of the scan (447 lines in 00mn 59s)(0)
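The report above is long, and the lines a helper actually acts on are scattered through it: the `=>Trojan.AutoKMS` and `=>PUP.Nosibay` flags, the O55 block showing UAC prompting moved off the secure desktop (`PromptOnSecureDesktop=0`) on a machine that is logged in as Administrator, and the O87 inbound firewall exceptions granted to an installer sitting in a Downloads folder. The script below is an added example, not code from the forum post, from ZHPDiag or from its author: it parses ZHPDiag-format lines and pulls those three things out. It assumes the line formats seen in this report, treats `=>.Vendor` markers as whitelist entries rather than detections, and normalises the en dashes, curly quotes and ellipses that forum software substitutes into pasted logs. The `UAC_BASELINE` values are this example's own hardening target (on Windows 7 `FilterAdministratorToken` defaults to 0), and `SAMPLE` is constructed from the report's format, not a real capture.

```python
from __future__ import annotations

import re

# Hardened target for HKLM\...\Policies\System. Assumption: a helper's own
# hardening baseline, not a rule taken from ZHPDiag. Windows 7 defaults are
# EnableLUA=1, PromptOnSecureDesktop=1 and FilterAdministratorToken=0;
# PromptOnSecureDesktop=0 lets ordinary processes draw over or drive the
# elevation prompt, and FilterAdministratorToken=1 puts the built-in
# Administrator account under Admin Approval Mode.
UAC_BASELINE = {
    "EnableLUA": "1",
    "PromptOnSecureDesktop": "1",
    "FilterAdministratorToken": "1",
}

IP_PROTO = {"6": "TCP", "17": "UDP"}  # IANA numbers ZHPDiag prints as P6 / P17

# "=>Label" at end of line is a detection; "=>.Vendor" is a whitelist marker.
DETECTION_RE = re.compile(r"=>(?!\.)([A-Za-z0-9_.-]+)\^?$")
# \W* accepts both "HKLM\...\Policies\System" and a paste that lost its backslashes.
UAC_RE = re.compile(r'^O55 - MWPS:\[HKLM\W*Policies\W*System\] - "(\w+)"=(\d+)')
FW_RE = re.compile(
    r'^O87 - FAEL: "\{([0-9A-Fa-f-]+)\}" \| (In|Out) - \S+ - P(\d+) - (TRUE|FALSE) \|'
    r" \.\(\.(.*?)\.\) -- (.+?)(?: =>\S*)?$"
)


def normalise(line: str) -> str:
    """Undo forum 'smart' punctuation so the regexes see ZHPDiag's own syntax."""
    for bad, good in (("\u2013", "-"), ("\u2014", "--"), ("\u201c", '"'),
                      ("\u201d", '"'), ("\u2026", "...")):
        line = line.replace(bad, good)
    return line.rstrip()


def find_detections(text: str) -> dict[str, list[str]]:
    """Group every flagged line under its ZHPDiag label (e.g. Trojan.AutoKMS)."""
    found: dict[str, list[str]] = {}
    for line in map(normalise, text.splitlines()):
        m = DETECTION_RE.search(line)
        if m:
            found.setdefault(m.group(1), []).append(line)
    return found


def weak_uac_settings(text: str) -> dict[str, tuple[str, str]]:
    """Map each O55 value below the baseline to (value found, hardened value)."""
    weak: dict[str, tuple[str, str]] = {}
    for line in map(normalise, text.splitlines()):
        m = UAC_RE.match(line)
        if m and m.group(1) in UAC_BASELINE and m.group(2) != UAC_BASELINE[m.group(1)]:
            weak[m.group(1)] = (m.group(2), UAC_BASELINE[m.group(1)])
    return weak


def firewall_exceptions(text: str) -> list[dict[str, object]]:
    """Decode O87 lines: which program may receive traffic, on which protocol."""
    rules: list[dict[str, object]] = []
    for line in map(normalise, text.splitlines()):
        m = FW_RE.match(line)
        if m:
            rules.append({
                "id": m.group(1),
                "direction": m.group(2),
                "protocol": IP_PROTO.get(m.group(3), "IP/" + m.group(3)),
                "enabled": m.group(4) == "TRUE",
                "vendor": m.group(5),
                "program": m.group(6),
            })
    return rules


def triage(text: str) -> dict[str, object]:
    """One-call summary of the three checks above."""
    return {
        "detections": find_detections(text),
        "weak_uac": weak_uac_settings(text),
        "firewall": firewall_exceptions(text),
    }


# Constructed sample in the report's own line format (backslashes restored; one
# O55 line deliberately left in forum-paste form). Not a real capture.
SAMPLE = r"""
[MD5.D4F602B1F775B5827932D3C5B04A3FD2] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [3372032] =>Trojan.AutoKMS
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O43 - CFD: 17/08/2014 - 15:23:42 - [0] ----D C:\Users\Clement\AppData\Roaming\Store =>PUP.Nosibay
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 – MWPS:[HKLM…PoliciesSystem] – “PromptOnSecureDesktop”=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O87 - FAEL: "{50E86DB5-872C-48A7-8ED7-31F6D6542D29}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- F:\Downloads\torrent_3-4-build-30635_fr_18245.exe =>P2P.BitTorrent
O87 - FAEL: "{F2D83A52-5F3D-4695-A3BA-32E4EB1C18EE}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Clement\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
C:\Users\Clement\AppData\Roaming\Store =>PUP.Nosibay^
"""

if __name__ == "__main__":
    report = triage(SAMPLE)
    for label, lines in report["detections"].items():
        print(f"[{label}] {len(lines)} line(s)")
    for name, (found, want) in report["weak_uac"].items():
        print(f"UAC {name}={found} (hardened value {want})")
    for rule in report["firewall"]:
        print(f"FW {rule['direction']} {rule['protocol']} -> {rule['program']}")
```

Run it as `python ziptriage.py < /dev/null` style on the embedded sample, or replace `SAMPLE` with the text of a saved ZHPDiag.txt. `EnableUIADesktopToggle=0` is not reported because it is the default and is absent from the baseline; the two weakened UAC values and both µTorrent inbound rules are, along with the flagged AutoKMS task and the Nosibay folder, which is what a helper would want before deciding on a ZHPFix script.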