Help! "n'est pas une application Win32 valide" ("is not a valid Win32 application")


#1

Hello everyone!

I'm looking for help on a subject that has apparently been seen before. Of course, I did my research on it and, to be honest, I'm starting to get a bit tangled up (I'm not really an expert on the subject :confused:).
The subject is (as the title says!): “n’est pas une application Win32 valide” ("is not a valid Win32 application") when I try to launch any kind of antivirus or anti-spyware tool. I noticed the problem when my antivirus did not start when my session opened. On top of that, my PC is getting slower and slower and the fan runs continuously. My first conclusion: probably Bagle!
For 3 days now I have been trying just about everything I could find, but without results. That may be because I'm starting to mix everything up, at the risk of doing something stupid.
So if one of you is ready to accompany me in my attempt to solve the problem, I would be very grateful. Because right now I'm about to b… a f… :@

Thanks in advance :wink:


#2

Hi

Try posting a [HijackThis](http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe) log (http://lasecuritepourtous.free.fr/les-outils-divers/hijackthis.html)

If it doesn't work in normal mode, restart in safe mode


#3

Hi,

Most likely a Beagle.

To check:

FindyKill by Chiquitine29

Right-click the link and choose (“Save target as…”), destination: the desktop.

(Important note: if you have the Elibagla program on your PC, delete it (risk of conflict between the two tools))

Go into the "FindyKill" folder

Double-click "FindyKill.bat" (and nothing else!) to launch the tool.

Choose option 1. Then let it work…

Once it has finished, post the FindyKill.txt report that is generated…

Note: the report is saved at the root of the disk -> C:\FindyKill.txt

The security risks of peer-to-peer

If a report won't post, send an alert to the conciergerie using the yellow /!\.


#4

Hi!

First of all, thanks for your quick responses.

I just did the procedure you suggested… result: I think this is a tough one. HijackThis is also not valid for Win32. The worst part is that when I try safe mode, it's impossible… I end up with the Windows 'remake' of The Big Blue, if you see what I mean :arf:. I did still manage to get into a safe mode, going through I no longer know which mode, but I fear it is not as clean as safe mode proper.

I will now try goldorak59's suggestion.

See you


#5

Here, in reply to goldorak59, is the FindyKill report:

[spoiler]

###################### [ FindyKill V4.715 ]

User : J?r“me et Sophie - MELIGNON

Emplacement : C:\Program Files\FindyKill

Outils Mis a jours 29/01/09 par Chiquitine29

Recherche effectuée à 17:34:47 le 30/01/2009

Windows XP - Internet Explorer 6.0.2900.2180

[ FindyKill V4.715 - Scan ]

\\\\\\\\\\ [ Processus actifs ] ///////////////////

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\APPS\skype\Phone\Skype.exe
C:\Documents and Settings\Jérôme et Sophie\Application Data\drivers\winupgro.exe
C:\WINDOWS\system32\wintems.exe
C:\Program Files\Labtec NumPad\Magickey.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\APPS\skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jérôme et Sophie\Application Data\m\flec006.exe

\\\\\\\\\ [ Processus infectieux stoppés ] ///////////////////

“C:\Documents and Settings\Jérôme et Sophie\Application Data\drivers\winupgro.exe” (468)
“C:\WINDOWS\system32\wintems.exe” (532)
“C:\Documents and Settings\Jérôme et Sophie\Application Data\m\flec006.exe” (2904)

\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////

################## [ C:\ ]

Found ! [29/01/2009 19:36] - “C:\Muestras”
Found ! [29/01/2009 22:16] - C:\InfoSat.txt

################## [ C:\WINDOWS ]

################## [ C:\WINDOWS\Prefetch ]

Found ! - C:\WINDOWS\prefetch\1069296.EXE-0F37809E.pf
Found ! - C:\WINDOWS\prefetch\1080062.EXE-2309D214.pf
Found ! - C:\WINDOWS\prefetch\1082750.EXE-0AC8E2F2.pf
Found ! - C:\WINDOWS\prefetch\1219343.EXE-259A8E29.pf
Found ! - C:\WINDOWS\prefetch\1231718.EXE-2D5D8F9A.pf
Found ! - C:\WINDOWS\prefetch\433953.EXE-102EB7E4.pf
Found ! - C:\WINDOWS\prefetch\459156.EXE-372FC4B0.pf
Found ! - C:\WINDOWS\prefetch\561843.EXE-295D5C15.pf
Found ! - C:\WINDOWS\prefetch\573312.EXE-35456C42.pf
Found ! - C:\WINDOWS\prefetch\581046.EXE-1AB67723.pf
Found ! - C:\WINDOWS\prefetch\619859.EXE-2CFB03F8.pf
Found ! - C:\WINDOWS\prefetch\657546.EXE-30F9ACDC.pf
Found ! - C:\WINDOWS\prefetch\804281.EXE-1029A9B1.pf
Found ! - C:\WINDOWS\prefetch\820531.EXE-050C5C34.pf
Found ! - C:\WINDOWS\prefetch\985078.EXE-32C36150.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-38724AD4.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf

################## [ C:\WINDOWS\system32 ]

Found ! [30/01/2009 10:41] - C:\WINDOWS\system32\mdelk.exe
Found ! [30/01/2009 10:41] - C:\WINDOWS\system32\wintems.exe
Found ! [30/01/2009 17:19] - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]

################## [ C:\Documents and Settings\J?r“me et Sophie\Application Data ]

Found ! [30/01/2009 17:16] - “C:\Documents and Settings\J?r“me et Sophie\Application Data\m\flec006.exe”
Found ! [30/01/2009 17:17] - “C:\Documents and Settings\J?r“me et Sophie\Application Data\m\list.oct”
Found ! [30/01/2009 17:17] - “C:\Documents and Settings\J?r“me et Sophie\Application Data\m\data.oct”
Found ! [30/01/2009 17:17] - “C:\Documents and Settings\J?r“me et Sophie\Application Data\m\srvlist.oct”
Found ! [30/01/2009 17:19] - “C:\Documents and Settings\J?r“me et Sophie\Application Data\m\shared”
Found ! [30/01/2009 10:35] - “C:\Documents and Settings\J?r“me et Sophie\Application Data\m”
Found ! [30/01/2009 10:24] - “C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers”
Found ! [30/01/2009 17:09] - “C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers\srosa2.sys”
Found ! [30/01/2009 17:09] - “C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers\wfsintwq.sys”
Found ! [11/09/2005 02:06] - “C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers\winupgro.exe”
Found ! [30/01/2009 17:23] - “C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers\downld”

################## [ C:\DOCUME~1\JRMEET~1\LOCALS~1\Temp ]

\\\\\\\\\ [ Registre / Startup ] ///////////////////

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
WOOKIT=C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
Skype=“C:\APPS\skype\Phone\Skype.exe” /nosplash /minimized

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
WOOWATCH=C:\PROGRA~1\Wanadoo\Watch.exe
WOOTASKBARICON=C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
TkBellExe=“C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SunJavaUpdateSched=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”
STDSB=C:\WINDOWS\system32\drivers\STDSB.exe
Raccourci vers la page des propriétés de High Definition Audio=HDAShCut.exe
QuickTime Task=“C:\Program Files\QuickTime\qttask.exe” -atboottime
PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
PCMService=“c:\Apps\Powercinema\PCMService.exe”
NWEReboot=
IMJPMIG8.1=“C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
igfxtray=C:\WINDOWS\system32\igfxtray.exe
igfxpers=C:\WINDOWS\system32\igfxpers.exe
igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
Icon=C:\WINDOWS\system32\drivers\Icon.exe
AzMixerSel=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
RTHDCPL=RTHDCPL.EXE
Alcmtr=ALCMTR.EXE
KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1

[HKEY_CURRENT_USER\software\local appwizard-generated applications\serial]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Watch]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////

Found ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\Local AppWizard-Generated Applications\serial
Found ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\serial
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key

/!\ Infection active : HKLM\SYSTEM…\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM…\Services\sK9Ou0s -> Start = 0x1

\\\\\\\\\ [ Etat / Services ] ///////////////////

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

/!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

/!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

/!\ Mode sans echec non fonctionnel !!

Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - # Type de démarrage = 4

/!\ Ip6Fw - # Type de démarrage = 4

/!\ SharedAccess - # Type de démarrage = 4

/!\ wuauserv - # Type de démarrage = 4

/!\ wscsvc - # Type de démarrage = 4

\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////

Informations :

C: - Lecteur fixe

presence des fichiers :

\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////

-> Not found !

################## [ ! Fin du rapport # FindyKill V4.715 ! ]

[/spoiler]


#6

Hi again,

FindyKill by Chiquitine29, option 2

Plug your removable drives into your PC (USB sticks, external hard drive, etc.) without opening them

Double-click the FindyKill shortcut on your desktop

At the main menu, option 2 (Deletion)

/!\ There will be 1 restart; let the tool work until the “nettoyage effectué” ("cleaning done") message appears /!\

Then post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk.


#7

Hi again!

Ouch! FindyKill crashes at option 2 when the deletion starts. I get a blue screen saying a restart is needed and 'blah blah blah'… The message apparently indicates that a problem comes from the file wfsintwq.sys. No FindyKill report generated.
In case that helps :wink:

See you


#8

Hi again,

Please try the procedure in safe mode.

Thanks


#9

Hi again,

here is the report:

[spoiler]

###################### [ FindyKill V4.715 ]

User : J?r“me et Sophie - MELIGNON

Executed from : C:\Program Files\FindyKill

Update on 29/01/09Nby Chiquitine29

Start at 13:10:49 the 31/01/2009

Windows XP - Internet Explorer 6.0.2900.2180

[ FindyKill V4.715 - Deleting ]

\\\\\\\\\ [ Active Processes ] ///////////////////

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\FTRTSVC.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe

\\\\\\\\\ [ Infected Files / Folders ] ///////////////////

################## [ C:\ ]

Deleted ! - “C:\Muestras”
Deleted ! - C:\InfoSat.txt

################## [ C:\WINDOWS ]

################## [ C:\WINDOWS\Prefetch ]

Deleted ! - C:\WINDOWS\prefetch\1069296.EXE-0F37809E.pf
Deleted ! - C:\WINDOWS\prefetch\1080062.EXE-2309D214.pf
Deleted ! - C:\WINDOWS\prefetch\1082750.EXE-0AC8E2F2.pf
Deleted ! - C:\WINDOWS\prefetch\1219343.EXE-259A8E29.pf
Deleted ! - C:\WINDOWS\prefetch\1231718.EXE-2D5D8F9A.pf
Deleted ! - C:\WINDOWS\prefetch\3108703.EXE-347D4970.pf
Deleted ! - C:\WINDOWS\prefetch\3118375.EXE-0AD90CD2.pf
Deleted ! - C:\WINDOWS\prefetch\433953.EXE-102EB7E4.pf
Deleted ! - C:\WINDOWS\prefetch\442609.EXE-3B1CA8AC.pf
Deleted ! - C:\WINDOWS\prefetch\459156.EXE-372FC4B0.pf
Deleted ! - C:\WINDOWS\prefetch\463000.EXE-1F50B04A.pf
Deleted ! - C:\WINDOWS\prefetch\561843.EXE-295D5C15.pf
Deleted ! - C:\WINDOWS\prefetch\573312.EXE-35456C42.pf
Deleted ! - C:\WINDOWS\prefetch\581046.EXE-1AB67723.pf
Deleted ! - C:\WINDOWS\prefetch\619859.EXE-2CFB03F8.pf
Deleted ! - C:\WINDOWS\prefetch\657546.EXE-30F9ACDC.pf
Deleted ! - C:\WINDOWS\prefetch\680265.EXE-220BF74E.pf
Deleted ! - C:\WINDOWS\prefetch\804281.EXE-1029A9B1.pf
Deleted ! - C:\WINDOWS\prefetch\820531.EXE-050C5C34.pf
Deleted ! - C:\WINDOWS\prefetch\985078.EXE-32C36150.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-38724AD4.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-238AA5EF.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf

################## [ C:\WINDOWS\system32 ]

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]

################## [ C:\Documents and Settings\J?r“me et Sophie\Application Data ]

Deleted ! - “C:\Documents and Settings\J?r“me et Sophie\Application Data\m\flec006.exe”
Deleted ! - “C:\Documents and Settings\J?r“me et Sophie\Application Data\m\list.oct”
Deleted ! - “C:\Documents and Settings\J?r“me et Sophie\Application Data\m\data.oct”
Deleted ! - “C:\Documents and Settings\J?r“me et Sophie\Application Data\m\srvlist.oct”
Deleted ! - “C:\Documents and Settings\J?r“me et Sophie\Application Data\m\shared”
Deleted ! - “C:\Documents and Settings\J?r“me et Sophie\Application Data\m”
Deleted ! - “C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers\srosa2.sys”
Deleted ! - “C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers\wfsintwq.sys”
Deleted ! - “C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers\winupgro.exe”
Deleted ! - “C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers\downld”
Deleted ! - “C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers”

################## [ C:\DOCUME~1\JRMEET~1\LOCALS~1\Temp ]

################## [ C:\Documents and Settings\J?r“me et Sophie\Local Settings\Temporary Internet Files\Content.IE5 ]

Deleted ! - C:\Documents and Settings\J?r“me et Sophie\Local Settings\Temporary Internet Files\Content.IE5\GPQF4HYV\b64[1].jpg
Deleted ! - C:\Documents and Settings\J?r“me et Sophie\Local Settings\Temporary Internet Files\Content.IE5\GPQF4HYV\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\J?r“me et Sophie\Local Settings\Temporary Internet Files\Content.IE5\GPQF4HYV\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\J?r“me et Sophie\Local Settings\Temporary Internet Files\Content.IE5\KTM741CZ\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\J?r“me et Sophie\Local Settings\Temporary Internet Files\Content.IE5\KTM741CZ\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\J?r“me et Sophie\Local Settings\Temporary Internet Files\Content.IE5\KTM741CZ\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\J?r“me et Sophie\Local Settings\Temporary Internet Files\Content.IE5\KTM741CZ\mxd[1].jpg
Deleted ! - C:\Documents and Settings\J?r“me et Sophie\Local Settings\Temporary Internet Files\Content.IE5\KTM741CZ\servernames[1].htm
Deleted ! - C:\Documents and Settings\J?r“me et Sophie\Local Settings\Temporary Internet Files\Content.IE5\P3DMKX76\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\J?r“me et Sophie\Local Settings\Temporary Internet Files\Content.IE5\P3DMKX76\servernames[1].htm
Deleted ! - C:\Documents and Settings\J?r“me et Sophie\Local Settings\Temporary Internet Files\Content.IE5\XYGCN6CY\mxd[1].jpg

\\\\\\\\\ [ Registry / Infected keys ] ///////////////////

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\Local AppWizard-Generated Applications\serial
Deleted ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-2152261890-3471989487-3052476579-1006\Software\MuleAppData

\\\\\\\\\ [ States / Restarting of services ] ///////////////////

Safe boot mode restored !

Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - # Type of startup = 3

Ip6Fw - # Type of startup = 2

SharedAccess - # Type of startup = 2

wuauserv - # Type of startup = 2

wscsvc - # Type of startup = 2

\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////

Informations :

C: - Lecteur fixe
E: - Lecteur fixe

deleting files :

Deleted ! - E:\autorun.inf

\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////

-> Not found !

\\\\\\\\\ [ Searching Other Infections ] ///////////////////

Références de comparaison Bagle MD5 :

7b531e0a C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers\winupgro.exe
5e00879c62ddb84702e7c3a17b3ed5f8 C:\Documents and Settings\J?r“me et Sophie\Application Data\drivers\winupgro.exe

Suspect ! - 5e00879c62ddb84702e7c3a17b3ed5f8 C:\Program Files\Wanadoo\Watch.exe

[/spoiler]

I think that cleaned things up. The PC no longer grinds away and I was able to reinstall my antivirus.
If FindyKill was enough to fix the problem, I already thank you both for your help. :super:
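
How the two FindyKill reports in this thread can be compared mechanically, as an added example (not part of the original posts and not FindyKill's own code): it parses status lines excerpted from the scan report and the deletion report above, then shows which services were disabled, whether the SafeBoot keys were missing, and what changed after cleaning. The function names are hypothetical, and the line patterns are inferred only from the report lines shown in this thread.

```python
import re

# Excerpts copied from the two FindyKill V4.715 reports posted in this thread
# (scan run, then deletion run), trimmed to the status lines.
SCAN_REPORT = r"""
/!\ Infection active : HKLM\SYSTEM…\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM…\Services\sK9Ou0s -> Start = 0x1
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
/!\ Mode sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - # Type de démarrage = 4
/!\ Ip6Fw - # Type de démarrage = 4
/!\ SharedAccess - # Type de démarrage = 4
/!\ wuauserv - # Type de démarrage = 4
/!\ wscsvc - # Type de démarrage = 4
"""

CLEAN_REPORT = r"""
Safe boot mode restored !
Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - # Type of startup = 3
Ip6Fw - # Type of startup = 2
SharedAccess - # Type of startup = 2
wuauserv - # Type of startup = 2
wscsvc - # Type of startup = 2
"""

# 2/3/4 come from the report's own legend; 0 and 1 are the standard Windows
# boot-start and system-start values used by drivers.
START_NAMES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Accented letters are matched loosely (\S{1,2}) because the tool's console
# encoding can mangle them, as it does with the user name in the reports.
SERVICE_RE = re.compile(
    r"^(?:/!\\[ \t]+)?(\w+) - # Type (?:de d\S{1,2}marrage|of startup) = (\d+)[ \t]*$",
    re.M)
MISSING_KEY_RE = re.compile(r"^Cl\S{1,2} manquante : (\S+)[ \t]*$", re.M)
ACTIVE_RE = re.compile(
    r"Infection active : \S*\\Services\\(\S+) -> Start = (0x[0-9A-Fa-f]+)")


def parse_report(text):
    """Extract the tamper indicators from a FindyKill-style report."""
    return {
        "services": {m.group(1): int(m.group(2))
                     for m in SERVICE_RE.finditer(text)},
        "missing_keys": MISSING_KEY_RE.findall(text),
        "active_drivers": {name: int(value, 16)
                           for name, value in ACTIVE_RE.findall(text)},
        "safeboot_restored": "Safe boot mode restored" in text,
    }


def safe_mode_broken(report):
    """True when SafeBoot keys are reported missing and not yet restored."""
    missing = any("\\SafeBoot" in key for key in report["missing_keys"])
    return missing and not report["safeboot_restored"]


def disabled_services(report):
    """Names of services whose startup type is 4 (disabled)."""
    return sorted(n for n, s in report["services"].items() if s == 4)


def changed_services(before, after):
    """Map service name -> (old start type, new start type) where they differ."""
    return {name: (start, after["services"][name])
            for name, start in before["services"].items()
            if name in after["services"] and after["services"][name] != start}


if __name__ == "__main__":
    scan, clean = parse_report(SCAN_REPORT), parse_report(CLEAN_REPORT)
    print("Safe mode broken before cleaning:", safe_mode_broken(scan))
    print("Safe mode broken after cleaning: ", safe_mode_broken(clean))
    for name, start in scan["active_drivers"].items():
        print(f"Active malicious driver {name}: start={START_NAMES[start]}")
    for name, (old, new) in changed_services(scan, clean).items():
        print(f"{name}: {START_NAMES[old]} -> {START_NAMES[new]}")
```

The disabled services in the scan (wscsvc, wuauserv, SharedAccess) and the missing SafeBoot keys match the symptoms described earlier in the thread: security tools not starting and safe mode ending in a blue screen.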


#10

Hi again,

Very good:

ComboFix. Warning: this software is very powerful; misuse can cause damage…

Do exactly the following:

Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
Right-click this link and choose “Save target as…”: in the window that opens, type C-Fix, choose the desktop as the destination and confirm:

--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close all your running applications and DISABLE ALL YOUR DEFENCES (antivirus, antispyware, firewall) for the duration of the procedure (if you have any that I did not see in the HijackThis report…)

--> Above all, if you run into difficulties at this point, tell me before continuing…

--> I advise you to install the Recovery Console (see the tutorial).

Tutorial here: TUTO

Then:

Double-click C-Fix.exe (= combofix.exe).

Press a key to start the scan.

Warning: do not use your mouse or keyboard while the program is running. That could freeze the computer --> if a Windows error message appears at some point: click the red cross at the top right of the window to close it

The report will be created in: C:\Combofix.txt, please post it here


#11

Good evening,
I also have a “n’est pas une application Win32 valide” ("is not a valid Win32 application") problem. It erased and disabled my restore points, and my antivirus detected nothing. So I ran ComboFix, following your advice, and here is my report:

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [x]
R2 TigoNet. RunOuc;TigoNet. OUC;c:program files (x86)TigoNetUpdateDogouc.exe;c:program files (x86)TigoNetUpdateDogouc.exe [x]
R3 aswbIDSAgent;aswbIDSAgent;c:program filesAVAST SoftwareAvastx64aswidsagenta.exe;c:program filesAVAST SoftwareAvastx64aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:windowssystem32driversaswHwid.sys;c:windowsSYSNATIVEdriversaswHwid.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:windowssystem32DRIVERSssudbus.sys;c:windowsSYSNATIVEDRIVERSssudbus.sys [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:windowssystem32DRIVERSdtlitescsibus.sys;c:windowsSYSNATIVEDRIVERSdtlitescsibus.sys [x]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:windowssystem32DRIVERSdtliteusbbus.sys;c:windowsSYSNATIVEDRIVERSdtliteusbbus.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:windowssystem32DRIVERSew_hwusbdev.sys;c:windowsSYSNATIVEDRIVERSew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:windowssystem32DRIVERSewusbwwan.sys;c:windowsSYSNATIVEDRIVERSewusbwwan.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:windowssystem32DRIVERSewusbnet.sys;c:windowsSYSNATIVEDRIVERSewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:windowssystem32DRIVERSewusbdev.sys;c:windowsSYSNATIVEDRIVERSewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:windowssystem32IEEtwCollector.exe;c:windowsSYSNATIVEIEEtwCollector.exe [x]
R3 IntcDAud;Son Intel® pour écrans;c:windowssystem32DRIVERSIntcDAud.sys;c:windowsSYSNATIVEDRIVERSIntcDAud.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:windowssystem32DRIVERSnetaapl64.sys;c:windowsSYSNATIVEDRIVERSnetaapl64.sys [x]
R3 orange_zte_cdc_acm;ZTE Orange CDC-ACM driver;c:windowssystem32DRIVERSorange_zte_cdc_acm.sys;c:windowsSYSNATIVEDRIVERSorange_zte_cdc_acm.sys [x]
R3 orange_zte_cdc_ecm;orange_zte_cdc_ecm;c:windowssystem32DRIVERSorange_zte_cdc_ecm.sys;c:windowsSYSNATIVEDRIVERSorange_zte_cdc_ecm.sys [x]
R3 orange_zte_ecm_enum;ZTE Orange DC Enumerator;c:windowssystem32DRIVERSorange_zte_ecm_enum.sys;c:windowsSYSNATIVEDRIVERSorange_zte_ecm_enum.sys [x]
R3 orange_zte_ecm_enum_filter;orange_zte_ecm_enum_filter;c:windowssystem32DRIVERSorange_zte_ecm_enum_filter.sys;c:windowsSYSNATIVEDRIVERSorange_zte_ecm_enum_filter.sys [x]
R3 orange_zte_wcpo;ZTE Orange Install;c:windowssystem32DRIVERSorange_zte_wcpo.sys;c:windowsSYSNATIVEDRIVERSorange_zte_wcpo.sys [x]
R3 Revoflt;Revoflt;c:windowssystem32DRIVERSrevoflt.sys;c:windowsSYSNATIVEDRIVERSrevoflt.sys [x]
R3 RTSUER;Realtek USB Card Reader - UER;c:windowssystem32DriversRtsUer.sys;c:windowsSYSNATIVEDriversRtsUer.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:windowssystem32DRIVERSssudmdm.sys;c:windowsSYSNATIVEDRIVERSssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys;c:windowsSYSNATIVEdriverstsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys;c:windowsSYSNATIVEDriversusbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:windowssystem32WatWatAdminSvc.exe;c:windowsSYSNATIVEWatWatAdminSvc.exe [x]
S0 aswbidsh;aswbidsh;c:windowssystem32driversaswbidsha.sys;c:windowsSYSNATIVEdriversaswbidsha.sys [x]
S0 aswblog;aswblog;c:windowssystem32driversaswbloga.sys;c:windowsSYSNATIVEdriversaswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:windowssystem32driversaswbuniva.sys;c:windowsSYSNATIVEdriversaswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:windowssystem32driversaswRvrt.sys;c:windowsSYSNATIVEdriversaswRvrt.sys [x]
S0 aswVmm;aswVmm;c:windowssystem32driversaswVmm.sys;c:windowsSYSNATIVEdriversaswVmm.sys [x]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive Partition Driver;c:windowssystem32DRIVERSMDPMGRNT.SYS;c:windowsSYSNATIVEDRIVERSMDPMGRNT.SYS [x]
S0 MDRAID;MacDrive RAID Bus Driver;c:windowssystem32DRIVERSMDRAID.sys;c:windowsSYSNATIVEDRIVERSMDRAID.sys [x]
S1 aswArPot;aswArPot;c:windowssystem32driversaswArPot.sys;c:windowsSYSNATIVEdriversaswArPot.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:windowssystem32driversaswbidsdrivera.sys;c:windowsSYSNATIVEdriversaswbidsdrivera.sys [x]
S1 aswHdsKe;aswHdsKe;c:windowssystem32driversaswHdsKe.sys;c:windowsSYSNATIVEdriversaswHdsKe.sys [x]
S1 aswKbd;aswKbd;c:windowssystem32driversaswKbd.sys;c:windowsSYSNATIVEdriversaswKbd.sys [x]
S1 aswSnx;aswSnx;c:windowssystem32driversaswSnx.sys;c:windowsSYSNATIVEdriversaswSnx.sys [x]
S1 aswSP;aswSP;c:windowssystem32driversaswSP.sys;c:windowsSYSNATIVEdriversaswSP.sys [x]
S1 CBDisk;CBDisk;c:windowssystem32driversCBDisk.sys;c:windowsSYSNATIVEdriversCBDisk.sys [x]
S1 cnnctfy3;Connectify LightWeight Filter;c:windowssystem32DRIVERScnnctfy3.sys;c:windowsSYSNATIVEDRIVERScnnctfy3.sys [x]
S1 VBoxDrv;VirtualBox Service;c:windowssystem32DRIVERSVBoxDrv.sys;c:windowsSYSNATIVEDRIVERSVBoxDrv.sys [x]
S1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service;c:windowssystem32DRIVERSVBoxNetAdp6.sys;c:windowsSYSNATIVEDRIVERSVBoxNetAdp6.sys [x]
S1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service;c:windowssystem32DRIVERSVBoxNetLwf.sys;c:windowsSYSNATIVEDRIVERSVBoxNetLwf.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:windowssystem32DRIVERSVBoxUSBMon.sys;c:windowsSYSNATIVEDRIVERSVBoxUSBMon.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:program filesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe;c:program filesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe [x]
S2 aswMonFlt;aswMonFlt;c:windowssystem32driversaswMonFlt.sys;c:windowsSYSNATIVEdriversaswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:program files (x86)Bluetooth Suiteadminservice.exe;c:program files (x86)Bluetooth Suiteadminservice.exe [x]
S2 CG6Service;CyberGhost 6 Service;c:program filesCyberGhost 6CyberGhost.Service.exe;c:program filesCyberGhost 6CyberGhost.Service.exe [x]
S2 ClickToRunSvc;Service Microsoft Office « Démarrer en un clic »;c:program filesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe;c:program filesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [x]
S2 Connectify;Connectify;c:program files (x86)ConnectifyConnectifyService.exe;c:program files (x86)ConnectifyConnectifyService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:windowsSystem32svchost.exe;c:windowsSYSNATIVEsvchost.exe [x]
S2 FoxitReaderService;Foxit Reader Service;c:program files (x86)Foxit SoftwareFoxit ReaderFoxitConnectedPDFService.exe;c:program files (x86)Foxit SoftwareFoxit ReaderFoxitConnectedPDFService.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:programdataDatacardServiceHWDeviceService64.exe;c:programdataDatacardServiceHWDeviceService64.exe [x]
S2 IDMWFP;IDMWFP;c:windowssystem32DRIVERSidmwfp.sys;c:windowsSYSNATIVEDRIVERSidmwfp.sys [x]
S2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;c:windowssystem32igfxCUIService.exe;c:windowsSYSNATIVEigfxCUIService.exe [x]
S2 InternetEverywhere_Service;InternetEverywhere_Service;c:program files (x86)InternetEverywhereInternetEverywhere_Service.exe;c:program files (x86)InternetEverywhereInternetEverywhere_Service.exe [x]
S2 MacDrive9Service;MacDrive 9 service;c:program filesMediafourMacDrive 9MacDrive9Service.exe;c:program filesMediafourMacDrive 9MacDrive9Service.exe [x]
S2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;c:program filesNitroPro 9NitroPDFDriverService9x64.exe;c:program filesNitroPro 9NitroPDFDriverService9x64.exe [x]
S2 NitroUpdateService;NitroUpdateService;c:program filesNitroPro 9Nitro_UpdateService.exe;c:program filesNitroPro 9Nitro_UpdateService.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:windowsSysWOW64NLSSRV32.EXE;c:windowsSysWOW64NLSSRV32.EXE [x]
S2 PfFilter;PfFilter;c:program files (x86)IObitProtected Folderpffilter.sys;c:program files (x86)IObitProtected Folderpffilter.sys [x]
S2 WsAppService;Wondershare Application Framework Service;c:program files (x86)WondershareWAF2.4.3.227WsAppService.exe;c:program files (x86)WondershareWAF2.4.3.227WsAppService.exe [x]
S3 AiCharger;AiCharger;SysWow64driversAiCharger.sys;SysWow64driversAiCharger.sys [x]
S3 BtFilter;BtFilter;c:windowssystem32DRIVERSbtfilter.sys;c:windowsSYSNATIVEDRIVERSbtfilter.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:windowssystem32DRIVERSew_jubusenum.sys;c:windowsSYSNATIVEDRIVERSew_jubusenum.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt64win7.sys;c:windowsSYSNATIVEDRIVERSRt64win7.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:windowssystem32DRIVERStaphss6.sys;c:windowsSYSNATIVEDRIVERStaphss6.sys [x]
.
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Contenu du dossier ‘Tâches planifiées’
.
2018-03-25 c:windowsTasksiToolsDaemon.job

- c:program files (x86)ThinkSkyiTools 3iToolsDaemon.exe [2018-01-07 23:58]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOTCLSID{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2015-08-14 14:52 25624 ----a-w- c:program files (x86)Internet Download ManagerIDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOTCLSID{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2018-03-17 06:21 3207856 ----a-w- c:program files (x86)Microsoft OfficerootVFSProgramFilesX64Microsoft OfficeOffice16GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOTCLSID{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2018-03-17 06:21 3207856 ----a-w- c:program files (x86)Microsoft OfficerootVFSProgramFilesX64Microsoft OfficeOffice16GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOTCLSID{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2018-03-17 06:21 3207856 ----a-w- c:program files (x86)Microsoft OfficerootVFSProgramFilesX64Microsoft OfficeOffice16GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers0asw]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    .
    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers0avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOTCLSID{472083B0-C522-11CF-8763-00608CC02F24}]
    2018-02-03 01:35 1757400 ----a-w- c:program filesAVAST SoftwareAvastashShA64.dll
    .
    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers0asw]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    .
    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers0avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOTCLSID{472083B0-C522-11CF-8763-00608CC02F24}]
    2018-02-03 01:35 1757400 ----a-w- c:program filesAVAST SoftwareAvastashShA64.dll
    .
    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersMacDriveVolumeIcon]
    @="{6B21AF46-EE37-40D0-A707-C06C17D06CE9}"
    [HKEY_CLASSES_ROOTCLSID{6B21AF46-EE37-40D0-A707-C06C17D06CE9}]
    2013-11-01 13:14 238456 ----a-w- c:program filesMediafourMacDrive 9MDVolumeIcons.dll
    .
    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersMacDriveVolumeIconReadOnly]
    @="{E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F}"
    [HKEY_CLASSES_ROOTCLSID{E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F}]
    2013-11-01 13:14 238456 ----a-w- c:program filesMediafourMacDrive 9MDVolumeIcons.dll
    .
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    “AvastUI.exe”=“c:program filesAVAST SoftwareAvastAvLaunch.exe” [2018-02-03 246120]
    .
    ------- Examen supplémentaire -------
    .
    uLocal Page = c:windowssystem32blank.htm
    uStart Page = google.cd…
    mLocal Page = c:windowsSysWOW64blank.htm
    IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:program files (x86)Microsoft OfficeRootOffice16EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:program files (x86)Microsoft OfficeRootOffice16ONBttnIE.dll/105
    IE: Télécharger avec IDM - c:program files (x86)Internet Download ManagerIEExt.htm
    IE: Télécharger tous les liens avec IDM - c:program files (x86)Internet Download ManagerIEGetAll.htm
    TCP: DhcpNameServer = 192.168.0.1
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:program files (x86)Microsoft OfficerootOffice16MSOSB.DLL
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:program files (x86)Microsoft OfficerootOffice16MSOSB.DLL
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:program files (x86)Microsoft OfficerootOffice16MSOSB.DLL
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:program files (x86)Microsoft OfficerootOffice16MSOSB.DLL
    .
          - - - - ORPHELINS SUPPRIMES - - - -
          .
          Wow6432Node-HKCU-Run-syswin - c:bootssyswin.exe
          Wow6432Node-HKLM-Run- - (no file)
          Wow6432Node-HKU-Default-RunOnce-SPReview - c:windowsSystem32SPReviewSPReview.exe
          .
          .
          .
          --------------------- CLES DE REGISTRE BLOQUEES ---------------------
          .
          [HKEY_USERSS-1-5-21-3084896031-3779140670-1556395125-1000_ClassesWow6432NodeCLSID{2f6d2b56-df4c-49f7-b03e-f0e51203a72a}]
          @Denied: (Full) (Everyone)
          @Allowed: (Read) (RestrictedCode)
          “Model”=dword:00000098
          “Therad”=dword:00000013
          .
          [HKEY_USERSS-1-5-21-3084896031-3779140670-1556395125-1000_ClassesWow6432NodeCLSID{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
          @Denied: (Full) (Everyone)
          “scansk”=hex(0):fd,61,bb,3f,9d,40,f7,1a,2c,54,a9,b3,00,35,a3,70,0f,45,db,5e,4b,
          d9,74,b5,fa,93,b7,83,8e,cb,60,85,ba,47,4f,2b,5f,14,5b,a6,00,00,00,00,00,00,
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
          @Denied: (A 2) (Everyone)
          @=“FlashBroker”
          “LocalizedString”="@c:\Windows\system32\Macromed\Flash\FlashUtil64_29_0_0_113_ActiveX.exe,-101"
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}Elevation]
          “Enabled”=dword:00000001
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}LocalServer32]
          @=“c:\Windows\system32\Macromed\Flash\FlashUtil64_29_0_0_113_ActiveX.exe”
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesInterface{299817DA-1FAC-4CE2-8F48-A108237013BD}]
          @Denied: (A 2) (Everyone)
          @=“IFlashBroker6”
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesInterface{299817DA-1FAC-4CE2-8F48-A108237013BD}ProxyStubClsid32]
          @="{00020424-0000-0000-C000-000000000046}"
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesInterface{299817DA-1FAC-4CE2-8F48-A108237013BD}TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          “Version”=“1.0”
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
          @Denied: (A 2) (Everyone)
          @=“FlashBroker”
          “LocalizedString”="@c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_ActiveX.exe,-101"
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}Elevation]
          “Enabled”=dword:00000001
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}LocalServer32]
          @=“c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_ActiveX.exe”
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]
          @Denied: (A 2) (Everyone)
          @=“Shockwave Flash Object”
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]
          @=“c:\Windows\SysWOW64\Macromed\Flash\Flash32_29_0_0_113.ocx”
          “ThreadingModel”=“Apartment”
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]
          @=“0”
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]
          @=“ShockwaveFlash.ShockwaveFlash.29”
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]
          @=“c:\Windows\SysWOW64\Macromed\Flash\Flash32_29_0_0_113.ocx, 1”
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]
          @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]
          @=“1.0”
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]
          @=“ShockwaveFlash.ShockwaveFlash”
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]
          @Denied: (A 2) (Everyone)
          @=“Macromedia Flash Factory Object”
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]
          @=“c:\Windows\SysWOW64\Macromed\Flash\Flash32_29_0_0_113.ocx”
          “ThreadingModel”=“Apartment”
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]
          @=“FlashFactory.FlashFactory.1”
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]
          @=“c:\Windows\SysWOW64\Macromed\Flash\Flash32_29_0_0_113.ocx, 1”
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]
          @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]
          @=“1.0”
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]
          @=“FlashFactory.FlashFactory”
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{299817DA-1FAC-4CE2-8F48-A108237013BD}]
          @Denied: (A 2) (Everyone)
          @=“IFlashBroker6”
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{299817DA-1FAC-4CE2-8F48-A108237013BD}ProxyStubClsid32]
          @="{00020424-0000-0000-C000-000000000046}"
          .
          [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{299817DA-1FAC-4CE2-8F48-A108237013BD}TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          “Version”=“1.0”
          .
          [HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftOfficeCommonSmart TagActions{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
          @Denied: (A) (Everyone)
          “Solution”="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
          .
          [HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftSchema LibraryActionsPane3]
          @Denied: (A) (Everyone)
          .
          [HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftSchema LibraryActionsPane3]
          “Key”=“ActionsPane3”
          “Location”=“c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\ActionsPane3.xsd”
          .
          [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          “BlindDial”=dword:00000000
          .
          [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}001AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          “BlindDial”=dword:00000000
          .
          [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}002AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          “BlindDial”=dword:00000000
          .
          [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}003AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          “BlindDial”=dword:00000000
          .
          [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}004AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          “BlindDial”=dword:00000000
          .
          [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}005AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          “BlindDial”=dword:00000000
          .
          [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}006AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          “BlindDial”=dword:00000000
          .
          [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}007AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          “BlindDial”=dword:00000000
          .
          [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}008AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          “BlindDial”=dword:00000000
          .
          [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}009AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          “BlindDial”=dword:00000000
          .
          [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}010AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          “BlindDial”=dword:00000000
          .
          [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}011AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          “BlindDial”=dword:00000000
          .
          [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}012AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          “BlindDial”=dword:00000000
          .
          [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}013AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          “BlindDial”=dword:00000000
          .
          [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}014AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          “BlindDial”=dword:00000000
          .
          [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}015AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          “BlindDial”=dword:00000000
          .
          [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}016AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          “BlindDial”=dword:00000000
          .
          [HKEY_LOCAL_MACHINEsystemControlSet002ControlPCWSecurity]
          @Denied: (Full) (Everyone)
          .
          Heure de fin: 2018-03-25 08:01:13
          ComboFix-quarantined-files.txt 2018-03-25 07:01
          .
          Avant-CF: 17 346 179 072 octets libres
          Après-CF: 16 766 959 616 octets libres
          .
          - - End Of File - - 4A59F5784E9C076848DFEB271FF22E9B
          A36C5E4F47E84449FF07ED3517B43A31

Thank you for your assistance