Reply to: Infected USB key 2016-09-08T13:16:41+00:00
Kiwi Givre
Participant
Post count: 3

Thanks for the welcome and the quick reply.

For ZHPDiag, I just mixed it up with ZHPFix.
Here is the report:

~ ZHPDiag report v2013.11.10.24 – Nicolas Coolman (10/11/2013)
~ Launched by Tiffany (11/11/2013 15:46:31)
~ Website: http://nicolascoolman.webs.com
~ Free disinfection help forums: http://nicolascoolman.webs.com/apps/links/
~ Translated by Nicolas Coolman
~ Version status:
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Deactivated by program

—\ Internet browsers
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 22.0
GCIE: Google Chrome v30.0.1599.101 (Default)

—\ Windows product information
~ Language: French
Windows 7 Home Premium Edition, 64-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ System protection software
avast! Free Antivirus v9.0.2007
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

—\ System optimisation software
CCleaner v4.01 =>Piriform Ltd

—\ Peer-to-peer sharing software
Pando Media Booster v2.6.0.7

—\ Software monitoring
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5 MUI
Java 7 Update 45

—\ System information
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3766 MB (53% free)
System Restore: Enabled
System drive C: has 47 GB (18%) free of 253 GB

—\ System logon mode
~ Computer Name: TIFFANY-PC
~ User Name: Tiffany
~ All Users Names: Tiffany, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Environment variables
~ System Unit : C:
~ %AppZHP% : C:\Users\Tiffany\AppData\Roaming\ZHP
~ %AppData% : C:\Users\Tiffany\AppData\Roaming
~ %Desktop% : C:\Users\Tiffany\Desktop
~ %Favorites% : C:\Users\Tiffany\Favorites
~ %LocalAppData% : C:\Users\Tiffany\AppData\Local
~ %StartMenu% : C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu
~ %Windir% : C:\Windows
~ %System% : C:\Windows\System32

—\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 47 GB of 253 GB)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 94 GB of 200 GB)
F: Floppy drive, Flash card reader, USB Key (Free 3 GB of 4 GB)
G: Floppy drive, Flash card reader, USB Key (Free 2 GB of 4 GB)

—\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyMusic: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyPics: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow
~ Security Center: 41 Legitimates Filtered in 00mn 00s

—\ Special search for generic files
[MD5.0862495E0C825893DB75EF44FAEA8E93] – (.Microsoft Corporation – Explorateur Windows.) (.26/02/2011 – 07:23:14.) — C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:\Windows\System32\Wininit.exe [129024]
[MD5.8523338F749AC8C5300C125BC4B08275] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.02/03/2013 – 06:49:19.) — C:\Windows\System32\wininet.dll [1198080]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.28/10/2009 – 07:24:40.) — C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] – (.Microsoft Corporation – Bibliothèque de licences.) (.14/07/2009 – 02:41:54.) — C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/12/2011 – 04:59:11.) — C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.14/07/2009 – 00:19:54.) — C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.27/04/2011 – 03:57:40.) — C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.14/07/2009 – 01:06:13.) — C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.04/05/2011 – 03:51:08.) — C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] – (.Microsoft Corporation – MBT Transport driver.) (.14/07/2009 – 00:21:29.) — C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.9A6089B056EA1B83B36424FC9D0A300E] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:36:37.) — C:\Windows\system32\Drivers\ntfs.sys [1653096]
[MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.14/07/2009 – 01:10:12.) — C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] – (.Microsoft Corporation – TDI Translation Driver.) (.14/07/2009 – 00:21:15.) — C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.9E425AC5C9A5A973273D169F43B4F5E1] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.06/09/2012 – 18:38:18.) — C:\Windows\system32\Drivers\volsnap.sys [295792]
~ Generic Processes: Scanned in 00mn 00s

—\ Hidden files status (Hidden/Total)
~ My Pictures: 2/14
~ My Videos: 1/314
~ My Favorites: 1/30
~ My Documents: 1/5946
~ My Desktop: 1/1569
~ Start Menu (Programs): 1/32
~ Hidden Files: Scanned in 00mn 11s

—\ Running processes
[MD5.736E57247F12EACECDB224B8D1F7F187] – (.AVAST Software – avast! Antivirus.) — C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312] [PID.4080]
[MD5.3E399A1328181C2A352472369DE2A93A] – (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752] [PID.1092]
[MD5.34B25A7B5FBA206C17B9F028736E9B36] – (.Don HO don.h@free.fr – Notepad++ : a free (GNU) source code editor.) — C:\Program Files (x86)\Notepad++\notepad++.exe [1785856] [PID.992]
[MD5.5F4634A5F4629F2FC242C45F78F44668] – (.Nicolas Coolman – ZHPDiag.) — C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8201216] [PID.4352]
[MD5.7A189530FD0CFD415DBE41123F8A6A59] – (.AVAST Software – avast! Service.) — C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344] [PID.1328]
[MD5.DBC1136A62BD4DECC3632DF650284C2E] – (.Intel Corporation – Local Manageability Service.) — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [268824] [PID.6140]
~ Processes Running: Scanned in 00mn 00s

—\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 – GCE: Preference [User Data\Default] [jpmbfleldcgkldadpdinhjjopdfpjfjp] Wajam v.1.24 (Disabled) =>Toolbar.Wajam
~ Google Browser: 16 Legitimates Filtered in 00mn 13s

—\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\a5ps8751.default\prefs.js
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analysis of F0, F1, F2, F3 lines – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 – REG:system.ini: Shell=C:\Windows\explorer.exe
F2 – REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Line count: 23

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphan key
~ Toolbar: Scanned in 00mn 00s

—\ Other user links (O4)
O4 – GS\Desktop [Public]: Monopoly Tycoon.lnk . (.DeepRed Games Ltd – Monopoly Tycoon.) — C:\Program Files (x86)\Monopoly Tycoon\mc.exe
O4 – GS\Desktop [Public]: Oracle VM VirtualBox.lnk . (…) — C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe (.not file.)
O4 – GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 – GS\QuickLaunch [Tiffany]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 – GS\QuickLaunch [Tiffany]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\QuickLaunch [Tiffany]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 – GS\QuickLaunch [Tiffany]: Packard Bell Games.lnk . (.WildTangent, Inc. – GameConsole.) — C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsole-wt.exe
O4 – GS\TaskBar [Tiffany]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 – GS\Program [Tiffany]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\Program [Tiffany]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\SystemTools [Tiffany]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\Desktop [Tiffany]: ArgoUML.lnk . (.Oracle Corporation – Java(TM) Platform SE binary.) — C:\Program Files (x86)\Java\jre7\bin\javaw.exe
O4 – GS\Desktop [Tiffany]: DrScheme.lnk . (.PLT Scheme Inc. – PLT Scheme GUI application.) — C:\Program Files (x86)\PLT\DrScheme.exe
O4 – GS\Desktop [Tiffany]: eclipse.exe.lnk . (…) — C:\Users\Tiffany\Documents\_Manue\eclipse\eclipse.exe
O4 – GS\Desktop [Tiffany]: Packard Bell Games.lnk . (.WildTangent, Inc. – GameConsole.) — C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsole-wt.exe
O4 – GS\Desktop [Tiffany]: TeXnicCenter.lnk . (.TeXnicCenter.org (www.TeXnicCenter.org) – TeXnicCenter.) — C:\Program Files (x86)\TeXnicCenter\TEXCNTR.exe
~ Global Startup: 79 Legitimates Filtered in 00mn 01s

—\ Applications launched at system startup (O4)
O4 – HKCU\..\Run: [updat] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:\Windows\System32\wscript.exe
O4 – HKLM\..\Wow6432Node\Run: [avast5] . (.AVAST Software – avast! Antivirus.) — C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 – HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 – HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 – HKLM\..\Wow6432Node\RunOnce: [Malwarebytes Anti-Malware] . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
O4 – HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-21-2848778757-3075014622-2251656898-1000\..\Run: [updat] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:\Windows\System32\wscript.exe
~ Application: Scanned in 00mn 00s

—\ Buttons on the Internet Explorer main toolbar (O9)
O9 – Extra button: &Envoyer à OneNote [64Bits] – {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 – Extra button: Notes &liées OneNote [64Bits] – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} — C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Domain/DNS address modification (O17)
O17 – HKLM\System\CCS\Services\Tcpip\..\{5C0A3319-D615-4123-A350-3B56102C00B3}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 – HKLM\System\CS1\Services\Tcpip\..\{5C0A3319-D615-4123-A350-3B56102C00B3}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 – HKLM\System\CS2\Services\Tcpip\..\{5C0A3319-D615-4123-A350-3B56102C00B3}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 – HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
~ Domain: Scanned in 00mn 00s

—\ Additional protocol (O18)
O18 – Handler: wlmailhtml [64Bits] – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (…) —
O18 – Filter: text/xml [64Bits] – {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional protocol: Scanned in 00mn 00s

—\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

—\ Automatic scheduled tasks (O39)
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\AutoKMS.job [268]
[MD5.00000000000000000000000000000000] [APT] [{14964A8D-1136-4627-9A80-89EF95403825}] (…) — C:\Users\Tiffany\Downloads\Win7_64_152612.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3393B27B-B521-42C4-A6B0-EFCF7886FD5C}] (…) — C:\Users\Tiffany\Downloads\Win7Vista_64_152254.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9810EFDE-9DD9-4888-A890-A3B90F2D5850}] (…) — C:\Users\Tiffany\Downloads\Programmes\Win7_64_152612.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BAD935DC-F7CD-4003-ACAA-17AE78C6F4C9}] (…) — C:\Users\Tiffany\Downloads\Win7Vista_152258.exe (.not file.) [0]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 05s

—\ Installed software (O42)
O42 – Software: Graphviz 2.28 – (.AT&T Research Labs.) [HKLM][64Bits] — {D437FFB6-5C49-4DAC-ABAE-33FF065FE7CC}
O42 – Software: PLT Scheme v4.2.5 – (.PLT Scheme Inc..) [HKLM][64Bits] — PLT-4.2.5
~ Logic: 174 Legitimates Filtered in 00mn 00s

—\ HKCU & HKLM Software Keys
[HKCU\Software\Pando Networks]
[HKCU\Software\QGIS]
[HKLM\Software\Wow6432Node\Pando Networks]
~ Key Software: 281 Legitimates Filtered in 00mn 00s

—\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 – CFD: 10/04/2012 – 10:08:34 – [153,213] —-D C:\Program Files (x86)\Graphviz 2.28
O43 – CFD: 02/10/2011 – 23:54:44 – [0,021] —-D C:\Program Files (x86)\Jeux
O43 – CFD: 05/05/2012 – 08:48:57 – [7,182] —-D C:\Program Files (x86)\Pando Networks
O43 – CFD: 04/11/2011 – 17:08:36 – [194,569] —-D C:\Program Files (x86)\PLT
O43 – CFD: 13/02/2011 – 12:15:21 – [0,001] —-D C:\Users\Tiffany\AppData\Roaming\fr.barrierepoker.air.D043989C8F5E91300BF71855036B28F854BB8613.1
O43 – CFD: 16/12/2011 – 14:50:44 – [0,004] —-D C:\Users\Tiffany\AppData\Roaming\PLT Scheme
O43 – CFD: 04/11/2011 – 17:06:42 – [0,001] —-D C:\Users\Tiffany\AppData\Roaming\Racket
O43 – CFD: 13/02/2011 – 11:47:24 – [0,614] —-D C:\Users\Tiffany\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 – CFD: 21/07/2011 – 19:01:59 – [5,318] —-D C:\Users\Tiffany\AppData\Local\PokerStars.FR
~ Program Folder: 228 Legitimates Filtered in 01mn 17s

—\ Last files modified or created under Windows and System32 (O44)
O44 – LFC:[MD5.E77F8FA7BBFD2BBA473019209FC25DB8] – 11/11/2013 – 12:25:00 —A- . (…) — C:\UsbFix [Scan 1] TIFFANY-PC.txt [8160]
~ Files: 27 Legitimates Filtered in 00mn 24s

—\ Last files created in the Windows Prefetcher (O45)
O45 – LFCP:[MD5.F18B2DC3E184415C3FC713BDDC26406B] – 11/11/2013 – 02:33:14 —A- – C:\Windows\Prefetch\PMB.EXE-B9083A8E.pf
O45 – LFCP:[MD5.567E7B1B43E69F8CD04B72F45CE8E59C] – 11/11/2013 – 12:08:16 —A- – C:\Windows\Prefetch\INSTUP.EXE-A21AC9E7.pf
O45 – LFCP:[MD5.D324899C134C3F7BF674F768E793DF7C] – 11/11/2013 – 12:28:59 —A- – C:\Windows\Prefetch\GO.EXE-9F5F9B7B.pf
~ Prefetcher: 105 Legitimates Filtered in 00mn 00s

—\ Operations and functions at Windows Explorer startup (O46)
O46 – SEH:ShellExecuteHooks – Groove GFS Stub Execution Hook [64Bits] – {B5A7F190-DDA6-4420-B3BA-52453494E6CD} – C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

—\ Shell MountPoints2 registry key (MPKS) (O51)
O51 – MPSK:{107bf5a4-3d09-11e1-a58e-70f1a16a457c}\AutoRun\command. (…) — G:\MTInstall.exe (.not file.)
~ Keys: Scanned in 00mn 00s

—\ StartupReg registry keys enumeration (SMSR) (O53)
O53 – SMSR:HKLM\...\startupreg\hpqSRMon [Key] . (…) — C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe (.not file.)
~ SMSR Keys: 19 Legitimates Filtered in 00mn 00s

—\ PoliciesSystem registry keys enumeration (MWPS) (O55)
O55 – MWPS:[HKLM\...\Policies\System] – "EnableUIADesktopToggle"=0
O55 – MWPS:[HKLM\...\Policies\System] – "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

—\ PoliciesExplorer registry keys enumeration (MWPE) (O56)
O56 – MWPE:[HKLM\...\policies\Explorer] – "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

—\ System drivers list (SDL) (O58)
O58 – SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] – 07/11/2013 – 11:52:15 —A- . (…) — C:\Windows\System32\Drivers\aswRvrt.sys [65776]
~ Drivers: 16 Legitimates Filtered in 00mn 00s

—\ Last files modified or created (User) (O61)
O61 – LFC: 08/11/2013 – 15:49:38 —A- . (…) — C:\Users\Tiffany\AppData\Roaming\ZHP\HOSTS.txt [851] =>.Nicolas Coolman
O61 – LFC: 08/11/2013 – 15:50:44 —A- . (…) — C:\Users\Tiffany\Downloads\mod_python-3.4.1.tgz [566218]
O61 – LFC: 08/11/2013 – 15:50:44 —A- . (…) — C:\Users\Tiffany\Downloads\npp.6.5.1.Installer.exe [7520740]
O61 – LFC: 08/11/2013 – 15:50:47 —A- . (.Hervé Leclerc (HeL).) — C:\Users\Tiffany\Downloads\Wampserver2.4-x64.exe [40603386]
O61 – LFC: 11/11/2013 – 15:49:12 —A- . (…) — C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Local State [46636]
O61 – LFC: 11/11/2013 – 15:49:24 —A- . (…) — C:\Users\Tiffany\AppData\Local\PMB Files\56755675AC921A572AA06D3E8B96168B76413393FD85.ct1 [494] =>P2P.Pando
O61 – LFC: 11/11/2013 – 15:49:24 —A- . (…) — C:\Users\Tiffany\AppData\Local\PMB Files\cert\cert8.db [65536] =>P2P.Pando
O61 – LFC: 11/11/2013 – 15:49:24 —A- . (…) — C:\Users\Tiffany\AppData\Local\PMB Files\cert\key3.db [16384] =>P2P.Pando
O61 – LFC: 11/11/2013 – 15:49:24 —A- . (…) — C:\Users\Tiffany\AppData\Local\PMB Files\cert\secmod.db [16384] =>P2P.Pando
O61 – LFC: 11/11/2013 – 15:49:24 —A- . (…) — C:\Users\Tiffany\AppData\Local\PMB Files\pando.save [10160] =>P2P.Pando
O61 – LFC: 11/11/2013 – 15:49:38 —A- . (…) — C:\Users\Tiffany\AppData\Roaming\ZHP\Log.txt [19633] =>.Nicolas Coolman
O61 – LFC: 11/11/2013 – 15:49:38 —A- . (…) — C:\Users\Tiffany\AppData\Roaming\ZHP\Tests\ZHPDiag.txt [2899] =>.Nicolas Coolman
~ 3 Temporary files
~ Files: 267 Legitimates Filtered in 01mn 46s

—\ Disinfection tools list (LATC) (O63)
O63 – Software: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
O63 – Software: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Associations Shell Spawning (O67)
O67 – Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

—\ Internet Start Menu (SMI) (O68)
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Browser infection search (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
O69 – SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} – (Google) – http://www.google.com
O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
O69 – SBI: SearchScopes [HKCU] {AC13A09F-B424-489A-94D0-B5D625AA9109} – (Ask Search) – http://websearch.ask.com =>Toolbar.Ask
~ Keys: Scanned in 00mn 00s

—\ Crack & Keygen files enumeration (CKF) (O82)
C:\Users\Tiffany\Documents\_Jean-luc\Dossiers Jluc\WinRAR 3.92\Keygen — CORE\keygen.exe
C:\Users\Tiffany\Documents\_Jean-luc\Dossiers Jluc\WinRAR 3.92\Keygen — CORE\keygen.exe
~ Files: Scanned in 01mn 17s

—\ Special search at the system root (SPRF) (O84)
[MD5.055E35E21556FB513679E77D0A80ADB6] [SPRF][05/02/2011] (…) — C:\ProgramData\ezsidmv.dat [56]
[MD5.887173F53072CD2D238014F4199B35CF] [SPRF][02/11/2012] (…) — C:\Users\Tiffany\AppData\Local\Temp\xmlUpdater.exe [118784]
[MD5.E447F6E7BF834A145A5B0EC513EA5AEA] [SPRF][20/03/2013] (…) — C:\Users\Tiffany\AppData\Roaming\wklnhst.dat [1084]
[MD5.9812917FE2FCDEA2FD800573D7842E5D] [SPRF][11/11/2013] (…) — C:\Users\Tiffany\Desktop\adwcleaner.exe [1085542]
~ Files: 5 Legitimates Filtered in 00mn 00s

—\ Firewall exceptions list (FirewallRules) (O87)
O87 – FAEL: "TCP Query User{BA8C4616-43E3-4CCF-B84B-5D9E33BAB4FC}C:\program files (x86)\monopoly tycoon\mc.exe" | In – Public – P6 – TRUE | .(.DeepRed Games Ltd – Monopoly Tycoon.) — C:\program files (x86)\monopoly tycoon\mc.exe
O87 – FAEL: "UDP Query User{459324B6-EA86-4CE9-9DA4-A392B0CDFDB8}C:\program files (x86)\monopoly tycoon\mc.exe" | In – Public – P17 – TRUE | .(.DeepRed Games Ltd – Monopoly Tycoon.) — C:\program files (x86)\monopoly tycoon\mc.exe
~ Firewall: 218 Legitimates Filtered in 00mn 01s

—\ WindowsInstaller packages search (WIS) (O93) (NTFS)
[MD5.435E6AD30125295F5A3F4961D33E898F] [WIS][08/03/2010] (.NewTech Infosystems – Backup Manager Basic.) — C:\Windows\Installer\2829c.msi [996864]
[MD5.9EBB84AEEA8B9883B968E32A549BA77D] [WIS][25/08/2013] (.Husdawg, LLC – System Requirements Lab for Intel.) — C:\Windows\Installer\7041213.msi [405504]
[MD5.7AE5FF598B22E4F65558BAF73107FA7E] [WIS][14/05/2009] (.Builds the Destinations MSI – Builds the Destinations MSI.) — C:\Windows\Installer\c58f9.msi [459264]
~ WIS: 123 Legitimates Filtered in 00mn 10s

—\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS – | Demand 09/10/2009 169312 | (AdobeActiveFileMonitor8.0) . (.Adobe Systems Incorporated.) – c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
SR – | Auto 07/11/2013 50344 | (avast! Antivirus) . (.AVAST Software.) – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SS – | Auto 08/04/2010 312400 | (DsiWMIService) . (.Dritek System Inc..) – C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SS – | Auto 17/03/2010 866336 | (ePowerSvc) . (.Acer Incorporated.) – C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
SS – | Demand 07/06/2010 867080 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) – C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS – | Demand 10/10/2009 238328 | (GameConsoleService) . (.WildTangent, Inc..) – C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
SS – | Auto 08/01/2010 23584 | (GREGService) . (.Acer Incorporated.) – C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
SS – | Auto 30/07/2013 116648 | (gupdate) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS – | Demand 30/07/2013 116648 | (gupdatem) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR – | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) – C:\Windows\System32\svchost.exe
SR – | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) – C:\Windows\System32\svchost.exe
SR – | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) – C:\Windows\System32\svchost.exe
SS – | Auto 24/12/2009 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR – | Auto 18/03/2010 268824 | (LMS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS – | Demand 03/08/2012 427672 | (maconfservice) . (.CybelSoft.) – C:\Program Files\ma-config.com\x64\maconfservice.exe
SS – | Demand 03/07/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS – | Demand 15/01/2010 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) – C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SS – | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) – C:\Windows\System32\svchost.exe
SS – | Auto 09/03/2010 250368 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) – C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
SS – | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) – C:\Windows\System32\svchost.exe
SS – | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) – C:\Program Files (x86)\Skype\Updater\Updater.exe
SS – | Demand 02/11/2009 126352 | (TurboBoost) . (.Intel(R) Corporation.) – C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SS – | Auto 18/03/2010 2320920 | (UNS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS – | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) – C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
SS – | Demand 23/06/2013 24576 | (wampapache) . (.Apache Software Foundation.) – c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe
SS – | Demand 23/06/2013 12867584 | (wampmysqld) . (…) – c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe
SR – | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR – | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 12s

—\ Master Boot Record infection search (MBR)(O80)
Run by Tiffany at 11/11/2013 15:52:30
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Master Boot Record infection search (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Tiffany at 11/11/2013 15:52:32

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

—\ Additional scan (O88)
Database Version : 12993 – (10/11/2013)
Keys found: 14
Values found: 0
Folders found: 2
Files found: 1

[HKLM\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp] =>Toolbar.Wajam^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
[HKLM\Software\Classes\esri3DAnalystUI.DeltaXYZSketch3DMenuItem] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\esri3DAnalystUI.DeltaXYZSketch3DMenuItem.1] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\esriCadastralUI.DeltaXYConstructionMenuItem] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\esriCadastralUI.DeltaXYConstructionMenuItem.1] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esri3DAnalystUI.DeltaXYZSketch3DMenuItem] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esri3DAnalystUI.DeltaXYZSketch3DMenuItem.1] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esriCadastralUI.DeltaXYConstructionMenuItem] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esriCadastralUI.DeltaXYConstructionMenuItem.1] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp =>Toolbar.Wajam^
C:\Users\Tiffany\AppData\Local\Software =>Adware.Boxore
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow ^
~ Additional Scan: 581464 Items scanned in 00mn 40s

—\ Summary of detections found on your machine
~ http://nicolascoolman.webs.com/apps/blog/show/34077727-pua-startshow =>PUA.StartShow
~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>Toolbar.Wajam
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ MSI: 6 link(s) detected in 00mn 40s

~ 1650 Legitimates filtered by white list
End of the scan (509 lines in 06mn 41s)(2)

I did the cleanup with USBfix and here is the report:

[spoiler:321suf5n]############################## | UsbFix V 7.150 | [Suppression]

Utilisateur: Tiffany (Administrateur) # TIFFANY-PC
Mis à jour le 08/11/2013 par El Desaparecido – Team SosVirus
Lancé à 15:58:29 | 11/11/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Packard Bell (EasyNote TM85 )
CPU: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
RAM -> [Total : 3767 | Free : 2082]
Bios: Packard Bell
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-Bit)
WB: Windows Internet Explorer : 8.0.7600.16385
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 22.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 253 Go (47 Go libre(s) – 19%) [Packard Bell] # NTFS
D: -> CD-ROM
E: -> Disque fixe # 200 Go (94 Go libre(s) – 47%) [Nouveau nom] # NTFS
F: -> Disque amovible # 4 Go (3 Go libre(s) – 92%) [KIWI] # FAT32
G: -> Disque amovible # 4 Go (2 Go libre(s) – 43%) [] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1328 |ParentID: 624)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID: 4080 |ParentID: 3832)
Stoppé! C:\Windows\explorer.exe (ID: 592 |ParentID: 748)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 2084 |ParentID: 624)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 3836 |ParentID: 624)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2296 |ParentID: 624)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 5912 |ParentID: 624)
Stoppé! C:\Windows\system32\taskmgr.exe (ID: 5004 |ParentID: 748)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 4128 |ParentID: 624)
Stoppé! C:\Windows\system32\PrintIsolationHost.exe (ID: 4444 |ParentID: 816)
Stoppé! C:\Windows\system32\WUDFHost.exe (ID: 3228 |ParentID: 388)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE | RunOnce : [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2848778757-3075014622-2251656898-1000\SOFTWARE | Run : [updat] - wscript.exe //B "C:\Users\Tiffany\AppData\Local\Temp\updat.vbs"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Recherche générique |

Supprimé! C:\Users\Tiffany\AppData\Roaming\FreeFLVConverter\swfobject.js
Supprimé! C:\Users\Tiffany\AppData\Roaming\FreeFLVConverter
Supprimé! C:\Users\Tiffany\AppData\Local\Temp\updat.vbs
Supprimé! C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updat.vbs
Supprimé! F:\updat.vbs
Supprimé! G:\updat.vbs
Supprimé! F:\Cours_QGIS.lnk
Supprimé! F:\Enquête.lnk
Supprimé! F:\SIG.lnk
Supprimé! G:\MapInfo_10.5_FR.lnk
Supprimé! G:\POP_JAPON.lnk
Supprimé! G:\BD_NEIC_NOAA_NGDC.lnk
Supprimé! G:\Dossier_Carto et Stat'_ Japon.lnk

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : 01C034D0EFFBF218689F6F4678AF63CC -> C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updat.vbs
Md5 : 01C034D0EFFBF218689F6F4678AF63CC -> C:\Users\Tiffany\AppData\Local\Temp\updat.vbs
Md5 : 01C034D0EFFBF218689F6F4678AF63CC -> C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updat.vbs
Md5 : 01C034D0EFFBF218689F6F4678AF63CC -> C:\Users\Tiffany\AppData\Local\Temp\updat.vbs
Md5 : 01C034D0EFFBF218689F6F4678AF63CC -> F:\updat.vbs
Md5 : 01C034D0EFFBF218689F6F4678AF63CC -> G:\updat.vbs

################## | Comparaison MD5 |

################## | Registre |

Réparé ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -> 1
Supprimé! HKU\S-1-5-21-2848778757-3075014622-2251656898-1000\Software\Microsoft\Windows\CurrentVersion\Run|updat
Supprimé! HKU\S-1-5-21-2848778757-3075014622-2251656898-1000\Software\….\Mountpoints2\{107bf5a4-3d09-11e1-a58e-70f1a16a457c}

################## | Listing |

[22/12/2010 - 17:06:48 | SHD ] C:\$Recycle.Bin
[11/11/2013 - 13:20:00 | D ] C:\AdwCleaner
[26/04/2010 - 06:40:44 | RASH | 8192] C:\BOOTSECT.BAK
[08/11/2013 - 15:06:21 | HD ] C:\Config.Msi
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[14/09/2013 - 08:44:24 | D ] C:\found.000
[08/11/2013 - 19:10:10 | ASH | 2962259968] C:\hiberfil.sys
[07/06/2010 - 13:18:01 | D ] C:\Intel
[05/05/2012 - 09:36:16 | D ] C:\League of Legends
[24/05/2012 - 16:28:10 | RHD ] C:\MSOCache
[22/12/2010 - 17:06:40 | D ] C:\OEM
[08/11/2013 - 19:10:15 | ASH | 3949682688] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[11/11/2013 - 15:52:30 | N | 512] C:\PhysicalDisk0_MBR.bin
[09/10/2013 - 18:19:15 | D ] C:\Program Files
[11/11/2013 - 13:22:16 | D ] C:\Program Files (x86)
[11/11/2013 - 13:05:09 | HD ] C:\ProgramData
[09/10/2013 - 18:00:52 | D ] C:\Python26
[13/10/2013 - 20:32:06 | D ] C:\Python33
[22/12/2010 - 17:06:33 | SHD ] C:\Recovery
[07/06/2010 - 13:33:00 | N | 3083] C:\RHDSetup.log
[05/05/2012 - 09:37:24 | D ] C:\Riot Games
[08/11/2013 - 14:52:38 | SHD ] C:\System Volume Information
[11/11/2013 - 16:04:03 | D ] C:\UsbFix
[11/11/2013 - 15:55:54 | N | 4477] C:\UsbFix [Clean 2] TIFFANY-PC.txt
[11/11/2013 - 16:04:09 | A | 6823] C:\UsbFix [Clean 3] TIFFANY-PC.txt
[11/11/2013 - 12:25:00 | N | 8160] C:\UsbFix [Scan 1] TIFFANY-PC.txt
[22/12/2010 - 17:06:42 | RD ] C:\Users
[08/11/2013 - 15:31:44 | D ] C:\wamp
[08/11/2013 - 14:54:24 | D ] C:\Windows
[08/01/2011 - 01:27:15 | SHD ] E:\$RECYCLE.BIN
[21/02/2011 - 23:58:16 | SHD ] E:\System Volume Information
[14/09/2013 - 09:03:41 | D ] E:\_Manue
[07/11/2013 - 11:13:14 | D ] F:\Cours_QGIS
[07/11/2013 - 11:13:16 | D ] F:\Enquête
[07/11/2013 - 11:14:16 | D ] F:\SIG
[03/10/2012 - 09:56:44 | D ] G:\MapInfo_10.5_FR
[23/10/2013 - 16:02:44 | D ] G:\POP_JAPON
[23/10/2013 - 00:51:08 | D ] G:\BD_NEIC_NOAA_NGDC
[16/10/2013 - 01:48:02 | D ] G:\Dossier_Carto et Stat'_ Japon

################## | Vaccin |

F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |[/spoiler:321suf5n]

I just took a look at my USB sticks and it seems to be working.
How can I be sure that my PC is clean?
And how do I update Seven?

Thank you very much!