
Help! "is not a valid Win32 application"

Hello everyone!

I'm looking for help with a problem that is apparently "déjà vu". Of course, I've done my research on the subject, and to be honest, I'm starting to get a bit muddled (I'm not really an expert on this).
The problem (as the title says!) is: "is not a valid Win32 application" whenever I try to launch any kind of antivirus or anti-spyware tool. I noticed the problem when my antivirus did not start when I logged in. On top of that, my PC is getting slower and slower and the fan runs continuously. My first conclusion: probably Bagle!
For 3 days now I have been trying just about everything I could find, but without result. That may be because I'm starting to mix everything up, at the risk of doing something silly.
So if one of you is willing to walk me through my attempt to fix the problem, I would be very grateful. Because at this point I'm about to b... a f....

Thanks in advance
 
 
Hi

Try posting a HijackThis log (tutorial)

If it doesn't work in normal mode, restart in safe mode
 
 
Hi,

Most likely a Beagle.

To check:

FindyKill by Chiquitine29

Right-click the link and choose "Save target as...", destination: the desktop.

(Important note: if you have the Elibagla program on your PC, delete it (risk of conflict between the two tools).)

Go into the "FindyKill" folder.

Double-click "FindyKill.bat" (and nothing else!) to launch the tool.

Choose option 1, then let it work...

Once it has finished, post the FindyKill.txt report that is generated...

Note: the report is saved at the root of the disk -> C:\FindyKill.txt

Les-risques-securitaires-du-peer-to-peer

If a report won't post, send an alert to the conciergerie using the yellow /!\.
 
 
Hi!

First of all, thanks for your quick responses.

I just tried the procedure you suggested... result: I think this is a tough one. HijackThis is also not valid for Win32. Worse, when I try safe mode, it's impossible... I end up with the Windows version of a 'remake' of The Big Blue, if you see what I mean. I did nevertheless get into a kind of safe mode, by going through some mode or other that I can't remember, but I fear it's not as clean as proper safe mode.

I'm now going to try goldorak59's suggestion.

See you
 
 
Here, in reply to goldorak59, is the FindyKill report:



###################### [ FindyKill V4.715 ]

# User : J?r“me et Sophie - MELIGNON
# Emplacement : C:\Program Files\FindyKill
# Outils Mis a jours 29/01/09 par Chiquitine29
# Recherche effectuée à 17:34:47 le 30/01/2009
# Windows XP - Internet Explorer 6.0.2900.2180

# [ FindyKill V4.715 - Scan ] ##############


\\\\\\\\\\\\\\\\\\ [ Processus infectieux stoppés ] ///////////////////


"C:\Documents and Settings\Jérôme et Sophie\Application Data\drivers\winupgro.exe" (46
"C:\WINDOWS\system32\wintems.exe" (532)
"C:\Documents and Settings\Jérôme et Sophie\Application Data\m\flec006.exe" (2904)


\\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////


################## [ C:\ ]

Found ! [29/01/2009 19:36] - "C:\Muestras"
Found ! [29/01/2009 22:16] - C:\InfoSat.txt

################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\system32 ]

Found ! [30/01/2009 10:41] - C:\WINDOWS\system32\mdelk.exe
Found ! [30/01/2009 10:41] - C:\WINDOWS\system32\wintems.exe
Found ! [30/01/2009 17:19] - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]


################## [ C:\Documents and Settings\J?r“me et Sophie\Application Data ]

Found ! [30/01/2009 17:16] - "C:\Documents and Settings\J?r“me et Sophie\Application Data\m\flec006.exe"
Found ! [30/01/2009 17:17] - "C:\Documents and Settings\J?r“me et Sophie\Application Data\m\list.oct"
Found ! [30/01/2009 17:17] - "C:\Documents and Settings\J?r“me et Sophie\Application Data\m\data.oct"
Found ! [30/01/2009 17:17] - "C:\Documents and Settings\J?r“me et Sophie\Application Data\m\srvlist.oct"
Found ! [30/01/2009 17:19] - "C:\Documents and Settings\J?r“me et Sophie\Application Data\m\shared"
Found ! [30/01/2009 10:35] - "C:\Documents and Settings\J?r“me et Sophie\Application Data\m"
Found ! [30/01/2009 10:24] - "C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers"
Found ! [30/01/2009 17:09] - "C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers\srosa2.sys"
Found ! [30/01/2009 17:09] - "C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers\wfsintwq.sys"
Found ! [11/09/2005 02:06] - "C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers\winupgro.exe"
Found ! [30/01/2009 17:23] - "C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers\downld"

################## [ C:\DOCUME~1\JRMEET~1\LOCALS~1\Temp ]


\\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
WOOKIT=C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
Skype="C:\APPS\skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
WOOWATCH=C:\PROGRA~1\Wanadoo\Watch.exe
WOOTASKBARICON=C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
STDSB=C:\WINDOWS\system32\drivers\STDSB.exe
Raccourci vers la page des propriétés de High Definition Audio=HDAShCut.exe
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
PCMService="c:\Apps\Powercinema\PCMService.exe"
NWEReboot=
IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
igfxtray=C:\WINDOWS\system32\igfxtray.exe
igfxpers=C:\WINDOWS\system32\igfxpers.exe
igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
Icon=C:\WINDOWS\system32\drivers\Icon.exe
AzMixerSel=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
RTHDCPL=RTHDCPL.EXE
Alcmtr=ALCMTR.EXE
KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1

[HKEY_CURRENT_USER\software\local appwizard-generated applications\serial]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Watch]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

\\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////


Found ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\Local AppWizard-Generated Applications\serial
Found ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\serial
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

\\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////

# Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

/!\ Mode sans echec non fonctionnel !!

# Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

/!\ Mode sans echec non fonctionnel !!

# Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

/!\ Mode sans echec non fonctionnel !!


# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - # Type de démarrage = 4

/!\ Ip6Fw - # Type de démarrage = 4

/!\ SharedAccess - # Type de démarrage = 4

/!\ wuauserv - # Type de démarrage = 4

/!\ wscsvc - # Type de démarrage = 4


\\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////


# Informations :

C: - Lecteur fixe


# presence des fichiers :



\\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////


-> Not found !


################## [ ! Fin du rapport # FindyKill V4.715 ! ]

 
 
Re,

FindyKill by Chiquitine29, option 2

Plug your removable drives into your PC (USB sticks, external hard drive, etc.) without opening them.

Double-click the FindyKill shortcut on your desktop.

From the main menu, choose option 2 (Deletion).

/!\ There will be 1 restart; let the tool work until the message "nettoyage effectué" (cleaning complete) appears /!\

Then post the FindyKill.txt report.

Note: the FindyKill.txt report is saved at the root of the disk.
 
 
Re!

Ouch! FindyKill crashes at option 2 when starting the deletion. I get a blue screen saying I need to restart and 'blah blah blah'... The message apparently indicates that a problem comes from the file wfsintwq.sys. No FindyKill report generated.
In case that helps.

See you
 
 
Re,

Try the procedure in safe mode, please.

Thanks
 
 
Re,

here is the report:




###################### [ FindyKill V4.715 ]

# User : J?r“me et Sophie - MELIGNON
# Executed from : C:\Program Files\FindyKill
# Update on 29/01/09Nby Chiquitine29
# Start at 13:10:49 the 31/01/2009
# Windows XP - Internet Explorer 6.0.2900.2180

# [ FindyKill V4.715 - Deleting ] ###############


\\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] ///////////////////


################## [ C:\ ]

Deleted ! - "C:\Muestras"
Deleted ! - C:\InfoSat.txt

################## [ C:\WINDOWS ]



################## [ C:\WINDOWS\system32 ]

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]


################## [ C:\Documents and Settings\J?r“me et Sophie\Application Data ]

Deleted ! - "C:\Documents and Settings\J?r“me et Sophie\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\J?r“me et Sophie\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\J?r“me et Sophie\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\J?r“me et Sophie\Application Data\m\srvlist.oct"
Deleted ! - "C:\Documents and Settings\J?r“me et Sophie\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\J?r“me et Sophie\Application Data\m"
Deleted ! - "C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers"

################## [ C:\DOCUME~1\JRMEET~1\LOCALS~1\Temp ]



\\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\Local AppWizard-Generated Applications\serial
Deleted ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\MuleAppData

\\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] ///////////////////

# Safe boot mode restored !

# Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - # Type of startup = 3

Ip6Fw - # Type of startup = 2

SharedAccess - # Type of startup = 2

wuauserv - # Type of startup = 2

wscsvc - # Type of startup = 2


\\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////

# Informations :

C: - Lecteur fixe
E: - Lecteur fixe

# deleting files :

Deleted ! - E:\autorun.inf

\\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////


-> Not found !


\\\\\\\\\\\\\\\\\\ [ Searching Other Infections ] ///////////////////

Références de comparaison Bagle MD5 :

7b531e0a C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers\winupgro.exe
5e00879c62ddb84702e7c3a17b3ed5f8 C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers\winupgro.exe

Suspect ! - 5e00879c62ddb84702e7c3a17b3ed5f8 C:\Program Files\Wanadoo\Watch.exe




I think that cleaned things up. The PC is no longer grinding and I was able to reinstall my antivirus.
If FindyKill was enough to fix the problem, thank you both already for your help.
 
 
Re,

Very good:

ComboFix. Be careful, this software is very powerful; misuse can cause damage...

Do exactly the following:

Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
Right-click this link and choose "Save target as...": in the window that opens, type C-Fix, choose the desktop as the destination and confirm:

--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close all your running applications and DISABLE ALL YOUR DEFENCES (antivirus, antispyware, firewall) for the duration of the procedure (if you have any and I did not see them in the HijackThis report...)

---> Above all, if you run into difficulties at this stage, tell me before continuing...

---> I advise you to install the Recovery Console. (See the tutorial.)

Tutorial here: TUTO
---------------------------------------------------------------------------------------------------------------------------------

Then:

Double-click C-Fix.exe (= combofix.exe).

Press a key to start the scan.

Warning: do not use your mouse or keyboard while the program is running. This could freeze the computer ---> if a Windows error message appears at some point: click the red cross at the top right of the window to close it.

The report will be created at: C:\Combofix.txt; please post it here.
 
 
Good evening,
I also have an "is not a valid Win32 application" problem. It erased and disabled my restore points, and my antivirus detected nothing. I then ran ComboFix, following your advice, and here is my report:

ComboFix 18-03-14.01 - Ir Enock Google 25/03/2018 7:27.1.2 - x64
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.3982.2511 [GMT 1:00]
Lancé depuis: c:\users\Ir Enock Google\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 aswStm;aswStm;c:windowssystem32driversaswStm.sys;c:windowsSYSNATIVEdriversaswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [x]
R2 TigoNet. RunOuc;TigoNet. OUC;crogram files (x86)TigoNetUpdateDogouc.exe;crogram files (x86)TigoNetUpdateDogouc.exe [x]
R3 aswbIDSAgent;aswbIDSAgent;crogram filesAVAST SoftwareAvastx64aswidsagenta.exe;crogram filesAVAST SoftwareAvastx64aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:windowssystem32driversaswHwid.sys;c:windowsSYSNATIVEdriversaswHwid.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:windowssystem32DRIVERSssudbus.sys;c:windowsSYSNATIVEDRIVERSssudbus.sys [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:windowssystem32DRIVERSdtlitescsibus.sys;c:windowsSYSNATIVEDRIVERSdtlitescsibus.sys [x]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:windowssystem32DRIVERSdtliteusbbus.sys;c:windowsSYSNATIVEDRIVERSdtliteusbbus.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:windowssystem32DRIVERSew_hwusbdev.sys;c:windowsSYSNATIVEDRIVERSew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:windowssystem32DRIVERSewusbwwan.sys;c:windowsSYSNATIVEDRIVERSewusbwwan.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:windowssystem32DRIVERSewusbnet.sys;c:windowsSYSNATIVEDRIVERSewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:windowssystem32DRIVERSewusbdev.sys;c:windowsSYSNATIVEDRIVERSewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:windowssystem32IEEtwCollector.exe;c:windowsSYSNATIVEIEEtwCollector.exe [x]
R3 IntcDAud;Son Intel(R) pour écrans;c:windowssystem32DRIVERSIntcDAud.sys;c:windowsSYSNATIVEDRIVERSIntcDAud.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:windowssystem32DRIVERSnetaapl64.sys;c:windowsSYSNATIVEDRIVERSnetaapl64.sys [x]
R3 orange_zte_cdc_acm;ZTE Orange CDC-ACM driver;c:windowssystem32DRIVERSorange_zte_cdc_acm.sys;c:windowsSYSNATIVEDRIVERSorange_zte_cdc_acm.sys [x]
R3 orange_zte_cdc_ecm;orange_zte_cdc_ecm;c:windowssystem32DRIVERSorange_zte_cdc_ecm.sys;c:windowsSYSNATIVEDRIVERSorange_zte_cdc_ecm.sys [x]
R3 orange_zte_ecm_enum;ZTE Orange DC Enumerator;c:windowssystem32DRIVERSorange_zte_ecm_enum.sys;c:windowsSYSNATIVEDRIVERSorange_zte_ecm_enum.sys [x]
R3 orange_zte_ecm_enum_filter;orange_zte_ecm_enum_filter;c:windowssystem32DRIVERSorange_zte_ecm_enum_filter.sys;c:windowsSYSNATIVEDRIVERSorange_zte_ecm_enum_filter.sys [x]
R3 orange_zte_wcpo;ZTE Orange Install;c:windowssystem32DRIVERSorange_zte_wcpo.sys;c:windowsSYSNATIVEDRIVERSorange_zte_wcpo.sys [x]
R3 Revoflt;Revoflt;c:windowssystem32DRIVERSrevoflt.sys;c:windowsSYSNATIVEDRIVERSrevoflt.sys [x]
R3 RTSUER;Realtek USB Card Reader - UER;c:windowssystem32DriversRtsUer.sys;c:windowsSYSNATIVEDriversRtsUer.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:windowssystem32DRIVERSssudmdm.sys;c:windowsSYSNATIVEDRIVERSssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys;c:windowsSYSNATIVEdriverstsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys;c:windowsSYSNATIVEDriversusbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:windowssystem32WatWatAdminSvc.exe;c:windowsSYSNATIVEWatWatAdminSvc.exe [x]
S0 aswbidsh;aswbidsh;c:windowssystem32driversaswbidsha.sys;c:windowsSYSNATIVEdriversaswbidsha.sys [x]
S0 aswblog;aswblog;c:windowssystem32driversaswbloga.sys;c:windowsSYSNATIVEdriversaswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:windowssystem32driversaswbuniva.sys;c:windowsSYSNATIVEdriversaswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:windowssystem32driversaswRvrt.sys;c:windowsSYSNATIVEdriversaswRvrt.sys [x]
S0 aswVmm;aswVmm;c:windowssystem32driversaswVmm.sys;c:windowsSYSNATIVEdriversaswVmm.sys [x]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive Partition Driver;c:windowssystem32DRIVERSMDPMGRNT.SYS;c:windowsSYSNATIVEDRIVERSMDPMGRNT.SYS [x]
S0 MDRAID;MacDrive RAID Bus Driver;c:windowssystem32DRIVERSMDRAID.sys;c:windowsSYSNATIVEDRIVERSMDRAID.sys [x]
S1 aswArPot;aswArPot;c:windowssystem32driversaswArPot.sys;c:windowsSYSNATIVEdriversaswArPot.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:windowssystem32driversaswbidsdrivera.sys;c:windowsSYSNATIVEdriversaswbidsdrivera.sys [x]
S1 aswHdsKe;aswHdsKe;c:windowssystem32driversaswHdsKe.sys;c:windowsSYSNATIVEdriversaswHdsKe.sys [x]
S1 aswKbd;aswKbd;c:windowssystem32driversaswKbd.sys;c:windowsSYSNATIVEdriversaswKbd.sys [x]
S1 aswSnx;aswSnx;c:windowssystem32driversaswSnx.sys;c:windowsSYSNATIVEdriversaswSnx.sys [x]
S1 aswSP;aswSP;c:windowssystem32driversaswSP.sys;c:windowsSYSNATIVEdriversaswSP.sys [x]
S1 CBDisk;CBDisk;c:windowssystem32driversCBDisk.sys;c:windowsSYSNATIVEdriversCBDisk.sys [x]
S1 cnnctfy3;Connectify LightWeight Filter;c:windowssystem32DRIVERScnnctfy3.sys;c:windowsSYSNATIVEDRIVERScnnctfy3.sys [x]
S1 VBoxDrv;VirtualBox Service;c:windowssystem32DRIVERSVBoxDrv.sys;c:windowsSYSNATIVEDRIVERSVBoxDrv.sys [x]
S1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service;c:windowssystem32DRIVERSVBoxNetAdp6.sys;c:windowsSYSNATIVEDRIVERSVBoxNetAdp6.sys [x]
S1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service;c:windowssystem32DRIVERSVBoxNetLwf.sys;c:windowsSYSNATIVEDRIVERSVBoxNetLwf.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:windowssystem32DRIVERSVBoxUSBMon.sys;c:windowsSYSNATIVEDRIVERSVBoxUSBMon.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;crogram filesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe;crogram filesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe [x]
S2 aswMonFlt;aswMonFlt;c:windowssystem32driversaswMonFlt.sys;c:windowsSYSNATIVEdriversaswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;crogram files (x86)Bluetooth Suiteadminservice.exe;crogram files (x86)Bluetooth Suiteadminservice.exe [x]
S2 CG6Service;CyberGhost 6 Service;crogram filesCyberGhost 6CyberGhost.Service.exe;crogram filesCyberGhost 6CyberGhost.Service.exe [x]
S2 ClickToRunSvc;Service Microsoft Office « Démarrer en un clic »;crogram filesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe;crogram filesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [x]
S2 Connectify;Connectify;crogram files (x86)ConnectifyConnectifyService.exe;crogram files (x86)ConnectifyConnectifyService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:windowsSystem32svchost.exe;c:windowsSYSNATIVEsvchost.exe [x]
S2 FoxitReaderService;Foxit Reader Service;crogram files (x86)Foxit SoftwareFoxit ReaderFoxitConnectedPDFService.exe;crogram files (x86)Foxit SoftwareFoxit ReaderFoxitConnectedPDFService.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;crogramdataDatacardServiceHWDeviceService64.exe;crogramdataDatacardServiceHWDeviceService64.exe [x]
S2 IDMWFP;IDMWFP;c:windowssystem32DRIVERSidmwfp.sys;c:windowsSYSNATIVEDRIVERSidmwfp.sys [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:windowssystem32igfxCUIService.exe;c:windowsSYSNATIVEigfxCUIService.exe [x]
S2 InternetEverywhere_Service;InternetEverywhere_Service;crogram files (x86)InternetEverywhereInternetEverywhere_Service.exe;crogram files (x86)InternetEverywhereInternetEverywhere_Service.exe [x]
S2 MacDrive9Service;MacDrive 9 service;crogram filesMediafourMacDrive 9MacDrive9Service.exe;crogram filesMediafourMacDrive 9MacDrive9Service.exe [x]
S2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;crogram filesNitroPro 9NitroPDFDriverService9x64.exe;crogram filesNitroPro 9NitroPDFDriverService9x64.exe [x]
S2 NitroUpdateService;NitroUpdateService;crogram filesNitroPro 9Nitro_UpdateService.exe;crogram filesNitroPro 9Nitro_UpdateService.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:windowsSysWOW64NLSSRV32.EXE;c:windowsSysWOW64NLSSRV32.EXE [x]
S2 PfFilter;PfFilter;crogram files (x86)IObitProtected Folderpffilter.sys;crogram files (x86)IObitProtected Folderpffilter.sys [x]
S2 WsAppService;Wondershare Application Framework Service;crogram files (x86)WondershareWAF2.4.3.227WsAppService.exe;crogram files (x86)WondershareWAF2.4.3.227WsAppService.exe [x]
S3 AiCharger;AiCharger;SysWow64driversAiCharger.sys;SysWow64driversAiCharger.sys [x]
S3 BtFilter;BtFilter;c:windowssystem32DRIVERSbtfilter.sys;c:windowsSYSNATIVEDRIVERSbtfilter.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:windowssystem32DRIVERSew_jubusenum.sys;c:windowsSYSNATIVEDRIVERSew_jubusenum.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt64win7.sys;c:windowsSYSNATIVEDRIVERSRt64win7.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:windowssystem32DRIVERStaphss6.sys;c:windowsSYSNATIVEDRIVERStaphss6.sys [x]
.
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Contenu du dossier 'Tâches planifiées'
.
2018-03-25 c:windowsTasksiToolsDaemon.job
- crogram files (x86)ThinkSkyiTools 3iToolsDaemon.exe [2018-01-07 23:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOTCLSID{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 14:52 25624 ----a-w- crogram files (x86)Internet Download ManagerIDMShellExt64.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOTCLSID{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2018-03-17 06:21 3207856 ----a-w- crogram files (x86)Microsoft OfficerootVFSProgramFilesX64Microsoft OfficeOffice16GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOTCLSID{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2018-03-17 06:21 3207856 ----a-w- crogram files (x86)Microsoft OfficerootVFSProgramFilesX64Microsoft OfficeOffice16GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOTCLSID{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2018-03-17 06:21 3207856 ----a-w- crogram files (x86)Microsoft OfficerootVFSProgramFilesX64Microsoft OfficeOffice16GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers0asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers0avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOTCLSID{472083B0-C522-11CF-8763-00608CC02F24}]
2018-02-03 01:35 1757400 ----a-w- crogram filesAVAST SoftwareAvastashShA64.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers0asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers0avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOTCLSID{472083B0-C522-11CF-8763-00608CC02F24}]
2018-02-03 01:35 1757400 ----a-w- crogram filesAVAST SoftwareAvastashShA64.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersMacDriveVolumeIcon]
@="{6B21AF46-EE37-40D0-A707-C06C17D06CE9}"
[HKEY_CLASSES_ROOTCLSID{6B21AF46-EE37-40D0-A707-C06C17D06CE9}]
2013-11-01 13:14 238456 ----a-w- crogram filesMediafourMacDrive 9MDVolumeIcons.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersMacDriveVolumeIconReadOnly]
@="{E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F}"
[HKEY_CLASSES_ROOTCLSID{E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F}]
2013-11-01 13:14 238456 ----a-w- crogram filesMediafourMacDrive 9MDVolumeIcons.dll
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"AvastUI.exe"="crogram filesAVAST SoftwareAvastAvLaunch.exe" [2018-02-03 246120]
.
------- Examen supplémentaire -------
.
uLocal Page = c:windowssystem32blank.htm
uStart Page = google.cd...
mLocal Page = c:windowsSysWOW64blank.htm
IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200
IE: E&xport to Microsoft Excel - crogram files (x86)Microsoft OfficeRootOffice16EXCEL.EXE/3000
IE: Se&nd to OneNote - crogram files (x86)Microsoft OfficeRootOffice16ONBttnIE.dll/105
IE: Télécharger avec IDM - crogram files (x86)Internet Download ManagerIEExt.htm
IE: Télécharger tous les liens avec IDM - crogram files (x86)Internet Download ManagerIEGetAll.htm
TCP: DhcpNameServer = 192.168.0.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - crogram files (x86)Microsoft OfficerootOffice16MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - crogram files (x86)Microsoft OfficerootOffice16MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - crogram files (x86)Microsoft OfficerootOffice16MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - crogram files (x86)Microsoft OfficerootOffice16MSOSB.DLL
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKCU-Run-syswin - c:bootssyswin.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:windowsSystem32SPReviewSPReview.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERSS-1-5-21-3084896031-3779140670-1556395125-1000_ClassesWow6432NodeCLSID{2f6d2b56-df4c-49f7-b03e-f0e51203a72a}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000098
"Therad"=dword:00000013
.
[HKEY_USERSS-1-5-21-3084896031-3779140670-1556395125-1000_ClassesWow6432NodeCLSID{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):fd,61,bb,3f,9d,40,f7,1a,2c,54,a9,b3,00,35,a3,70,0f,45,db,5e,4b,
d9,74,b5,fa,93,b7,83,8e,cb,60,85,ba,47,4f,2b,5f,14,5b,a6,00,00,00,00,00,00,
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\system32\Macromed\Flash\FlashUtil64_29_0_0_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}LocalServer32]
@="c:\Windows\system32\Macromed\Flash\FlashUtil64_29_0_0_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{299817DA-1FAC-4CE2-8F48-A108237013BD}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{299817DA-1FAC-4CE2-8F48-A108237013BD}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}LocalServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_29_0_0_113.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]
@="ShockwaveFlash.ShockwaveFlash.29"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_29_0_0_113.ocx, 1"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]
@="1.0"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_29_0_0_113.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_29_0_0_113.ocx, 1"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]
@="1.0"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{299817DA-1FAC-4CE2-8F48-A108237013BD}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{299817DA-1FAC-4CE2-8F48-A108237013BD}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftOfficeCommonSmart TagActions{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftSchema LibraryActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftSchema LibraryActionsPane3]
"Key"="ActionsPane3"
"Location"="c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}001AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}002AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}003AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}004AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}005AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}006AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}007AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}008AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}009AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}010AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}011AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}012AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}013AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}014AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}015AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}016AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINEsystemControlSet002ControlPCWSecurity]
@Denied: (Full) (Everyone)
.
Heure de fin: 2018-03-25 08:01:13
ComboFix-quarantined-files.txt 2018-03-25 07:01
.
Avant-CF: 17 346 179 072 octets libres
Après-CF: 16 766 959 616 octets libres
.
- - End Of File - - 4A59F5784E9C076848DFEB271FF22E9B
A36C5E4F47E84449FF07ED3517B43A31


Thank you for your assistance
 
 
     