I am getting unexpected shutdowns on Windows, most likely because my processor overheats at times, but since I am very paranoid about malware, I ran a number of scans.
RogueKiller, whose report is below:
Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarré en : Mode normal
Utilisateur : Youppizack [Administrateur]
Démarré depuis : C:\Users\Youppizack\Downloads\RogueKillerX64.exe
Mode : Suppression -- Date : 10/30/2015 23:34:13
¤¤¤ Processus : 0 ¤¤¤
¤¤¤ Registre : 7 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.EsetTrialReset (C:\Windows\reset.exe /s) -> Supprimé(e)
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdate (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc) -> Supprimé(e)
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdatem (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc) -> Supprimé(e)
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> Supprimé(e)
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://securityresponse.symantec.com/avcenter/fix_homepage -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-253613572-436576288-3170836619-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.duckduckgo.com/ -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-253613572-436576288-3170836619-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.duckduckgo.com/ -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
¤¤¤ Tâches : 0 ¤¤¤
¤¤¤ Fichiers : 1 ¤¤¤
[Suspicious.Path|Suspicious.Startup][Fichier] C:\Users\Youppizack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VideoLAN.lnk -> Supprimé(e)
¤¤¤ Fichier Hosts : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤
¤¤¤ Navigateurs web : 2 ¤¤¤
[PUP][FIREFX:Addon] weo65ng9.default : Hotspot Shield Extension [[email protected]] -> Supprimé(e)
[PUM.HomePage][FIREFX:Config] weo65ng9.default : user_pref("browser.startup.homepage", "http://duckduckgo.com/"); -> Non sélectionné
¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] fa7054e2f38cf3c8049ac9baab0b2772
[BSP] 1e6fb89cd003db4a9a4041352eacd725 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 286720 | Size: 206799 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 423811072 | Size: 270000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
As well as a scan with Malwarebytes, and finally ComboFix, whose report is below:
ComboFix 15-10-28.01 - Youppizack 31/10/2015 3:11.1.4 - x64
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.8100.6434 [GMT 0:00]
Lancé depuis: c:\users\Youppizack\Downloads\ComboFix.exe
FW: ZoneAlarm Free Firewall Firewall *Disabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Config.Dat
c:\programdata\ma-config.com
c:\programdata\ma-config.com\Logs\activex.txt
c:\programdata\ma-config.com\Logs\maconfservice.txt
c:\programdata\ma-config.com\Logs\mcdetection.txt
c:\programdata\ma-config.com\Logs\mcstubuser.txt
c:\programdata\ma-config.com\Logs\websocketpp.log
c:\programdata\ntuser.pol
C:\programfiles
c:\programfiles\cdm2014\cdm.url
c:\programfiles\cdm2014\CDM_PUB.JPG
c:\programfiles\cdm2014\cdm1998.ini
c:\programfiles\cdm2014\cdm2002.ini
c:\programfiles\cdm2014\cdm2006.ini
c:\programfiles\cdm2014\CDM2010.ini
c:\programfiles\cdm2014\cdm2014.exe
c:\programfiles\cdm2014\CDM2014.ini
c:\programfiles\cdm2014\langEn.txt
c:\programfiles\cdm2014\langFr.txt
c:\programfiles\cdm2014\langSp.txt
c:\programfiles\cdm2014\unins000.dat
c:\programfiles\cdm2014\unins000.exe
c:\users\bouhmadi\AppData\Roaming\dach100.dll
c:\users\bouhmadi\Desktop\Internet Explorer.lnk
c:\users\bouhmadi\ZHPCleaner.exe
c:\windows\msdownld.tmp
c:\windows\SysWow64\bcmF92D.tmp
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\SETDCFE.tmp
c:\windows\SysWow64\SETDF52.tmp
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-09-28 au 2015-10-31 ))))))))))))))))))))))))))))))))))))
.
.
2015-10-30 23:36 . 2015-10-31 00:29 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-30 23:36 . 2015-10-30 23:36 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-10-30 23:36 . 2015-10-05 09:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-30 23:36 . 2015-10-05 09:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-30 23:36 . 2015-10-05 09:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-30 22:58 . 2015-10-30 23:08 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-10-30 22:58 . 2015-10-30 23:35 -------- d-----w- c:\programdata\RogueKiller
2015-10-29 05:40 . 2015-10-29 05:40 -------- d-s---w- c:\windows\system32\GWX
2015-10-29 05:40 . 2015-10-29 05:40 -------- d-s---w- c:\windows\SysWow64\GWX
2015-10-29 05:38 . 2015-07-18 13:08 984448 ----a-w- c:\windows\system32\ucrtbase.dll
2015-10-29 04:48 . 2015-10-29 04:48 -------- d-----w- c:\users\Youppizack\AppData\Local\Microsoft Corporation
2015-10-29 04:47 . 2015-10-29 04:47 -------- d-----w- c:\program files (x86)\Microsoft Windows 7 Upgrade Advisor
2015-10-29 03:47 . 2015-10-29 03:47 -------- d-----w- c:\users\Youppizack\AppData\Roaming\QFX Software
2015-10-29 03:46 . 2015-10-29 03:46 -------- d-----w- c:\programdata\QFX Software
2015-10-29 03:24 . 2015-10-29 03:24 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-10-29 03:02 . 2015-10-29 18:09 -------- d-----w- c:\program files\WhoCrashed
2015-10-29 02:16 . 2015-10-29 02:16 -------- d-----w- c:\users\bouhmadi\AppData\Local\Secunia PSI
2015-10-29 02:16 . 2015-10-29 02:16 -------- d-----w- c:\program files (x86)\Secunia
2015-10-29 02:15 . 2015-08-18 16:25 224720 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2015-10-29 02:15 . 2015-10-29 02:15 -------- d-----w- c:\program files (x86)\KeyScrambler
2015-10-28 06:53 . 2015-10-28 06:53 -------- d-----w- C:\ToolBar SD
2015-10-28 06:50 . 2015-10-28 06:52 -------- d-----w- c:\program files (x86)\Ad-Remover
2015-10-27 19:45 . 2015-10-20 04:33 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E450BC3-B0B1-428F-905C-9A907CE8C100}\mpengine.dll
2015-10-26 02:50 . 2012-12-26 17:26 805088 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2015-10-26 02:50 . 2012-12-26 17:26 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2015-10-26 01:30 . 2015-10-26 01:30 -------- d-----w- c:\program files\Broadcom
2015-10-26 01:23 . 2012-08-09 03:35 671744 ------w- c:\windows\system32\stapi64.dll
2015-10-26 01:23 . 2012-08-09 03:35 541184 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2015-10-26 01:23 . 2012-08-09 03:35 499200 ----a-w- c:\windows\system32\stcplx64.dll
2015-10-26 01:23 . 2012-08-09 03:35 255488 ----a-w- c:\windows\system32\st646421.dll
2015-10-26 01:23 . 2012-08-09 03:35 2188288 ----a-w- c:\windows\system32\SET3B4E.tmp
2015-10-26 01:23 . 2015-10-26 01:16 -------- d-----w- c:\program files\IDT
2015-10-26 00:22 . 2015-10-26 01:16 -------- d-----w- c:\program files (x86)\Cisco
2015-10-25 23:47 . 2015-10-25 23:48 28856 ----a-w- c:\windows\bcmD1CF.tmp
2015-10-25 23:26 . 2015-10-26 01:16 -------- d-----w- c:\program files\DriversCloud.com
2015-10-25 23:26 . 2015-10-25 23:26 -------- d-----w- c:\programdata\DriversCloud.com
2015-10-25 23:07 . 2015-10-25 23:07 -------- d-----w- c:\users\Youppizack\AppData\Roaming\InstallShield
2015-10-25 23:01 . 2015-10-26 01:54 -------- d-----w- c:\users\Youppizack\AppData\Local\ElevatedDiagnostics
2015-10-25 21:49 . 2015-10-25 21:49 -------- d-----w- c:\programdata\PC-Doctor for Windows
2015-10-25 21:49 . 2015-10-25 21:49 -------- d-----w- c:\program files\Dell Support Center
2015-10-25 21:41 . 2015-10-25 22:06 -------- d-----w- c:\users\Youppizack\AppData\Local\Deployment
2015-10-22 22:37 . 2015-10-29 03:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-10-22 22:37 . 2015-10-29 03:10 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-10-22 22:14 . 2015-10-22 22:23 -------- d-----w- c:\users\Youppizack\.FBReader
2015-10-19 19:00 . 2015-10-26 01:17 -------- d-----w- c:\users\Youppizack\AppData\Roaming\Atomic Alarm Clock 6
2015-10-19 18:59 . 2015-10-19 18:59 -------- d-----w- c:\program files\Atomic Alarm Clock
2015-10-16 20:07 . 2015-10-16 20:07 -------- d-----w- c:\users\Youppizack\AppData\Roaming\SuperHideIP
2015-10-16 20:07 . 2015-10-16 20:07 -------- d-----w- c:\programdata\SuperHideIP
2015-10-16 19:57 . 2015-10-16 19:57 -------- d-----w- c:\users\Youppizack\AppData\Roaming\C__Users_Youppizack_Mes Programmes_Super Hide IP 3.0.6.2 + Crack_Super Hide IP 3.0.6.2_Crack_SuperHideIP.exe
2015-10-16 19:57 . 2015-10-16 19:57 -------- d-----w- c:\programdata\C__Users_Youppizack_Mes Programmes_Super Hide IP 3.0.6.2 + Crack_Super Hide IP 3.0.6.2_Crack_SuperHideIP.exe
2015-10-12 01:14 . 2015-10-12 01:14 -------- d-----w- c:\program files (x86)\Razer
2015-10-12 01:14 . 2015-10-12 01:14 -------- d-----w- c:\programdata\Razer
2015-10-12 01:01 . 2015-10-31 02:52 -------- d-----w- c:\program files (x86)\SpeedFan
2015-10-11 16:17 . 2015-10-30 00:08 -------- d-----w- c:\programdata\PCDr
2015-10-11 16:16 . 2015-10-25 21:45 -------- d-----w- c:\users\Youppizack\AppData\Roaming\PCDr
2015-10-11 16:09 . 2015-10-11 16:09 -------- d-----w- c:\programdata\Logs
2015-10-04 19:07 . 2015-10-04 19:07 -------- d-----w- c:\users\Youppizack\AppData\Roaming\AdbDriverInstaller
2015-10-02 16:40 . 2015-10-02 16:40 17314496 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-29 06:11 . 2013-02-26 02:36 143481208 ----a-w- c:\windows\system32\MRT.exe
2015-10-29 03:23 . 2015-01-20 00:41 110176 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-10-17 04:23 . 2012-07-06 00:49 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-17 04:23 . 2012-07-06 00:49 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-29 02:58 . 2015-10-29 05:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-09-26 08:40 . 2015-09-18 12:16 322144 ----a-w- c:\windows\system32\javaws.exe
2015-09-19 20:21 . 2015-09-19 17:45 131336 ----a-w- c:\windows\SysWow64\drivers\avfwot.sys
2015-09-19 15:12 . 2012-07-06 01:41 1106432 ----a-w- c:\windows\system32\bcm53A1.tmp
2015-09-19 15:12 . 2012-07-06 01:41 6656 ----a-w- c:\windows\system32\bcm119.tmp
2015-09-19 15:12 . 2012-07-06 01:41 4763648 ----a-w- c:\windows\system32\bcmF6E9.tmp
2015-09-19 15:12 . 2012-07-06 01:41 459 ----a-w- c:\windows\SysWow64\bcmF9EA.tmp
2015-09-19 15:12 . 2012-07-06 01:41 22592 ----a-w- c:\windows\system32\drivers\bcmFAF5.tmp
2015-09-19 15:12 . 2012-07-06 01:41 8124416 ----a-w- c:\windows\system32\bcmF3AB.tmp
2015-09-19 15:12 . 2012-07-06 01:41 73728 ----a-w- c:\windows\system32\bcmF477.tmp
2015-09-19 15:12 . 2012-07-06 01:41 457 ----a-w- c:\windows\system32\bcmF2CE.tmp
2015-09-19 15:12 . 2012-07-06 01:41 3161088 ----a-w- c:\windows\system32\bcmF24F.tmp
2015-09-02 03:04 . 2015-09-08 22:58 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 03:04 . 2015-09-08 22:58 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 03:04 . 2015-09-08 22:58 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 03:04 . 2015-09-08 22:58 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 02:48 . 2015-09-08 22:58 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-02 02:48 . 2015-09-08 22:58 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-02 02:48 . 2015-09-08 22:58 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-02 02:47 . 2015-09-08 22:58 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-02 01:51 . 2015-09-08 22:58 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:47 . 2015-09-08 22:58 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-02 01:33 . 2015-09-08 22:58 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-08-27 18:18 . 2015-09-08 22:59 2004480 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 18:18 . 2015-09-08 22:59 1887232 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 18:13 . 2015-09-08 22:59 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 18:13 . 2015-09-08 22:59 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-27 17:58 . 2015-09-08 22:59 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-08-27 17:58 . 2015-09-08 22:59 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-08-27 17:51 . 2015-09-08 22:59 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2015-08-27 17:51 . 2015-09-08 22:59 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-08-11 02:39 . 2015-08-11 02:39 461792 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2015-08-05 17:56 . 2015-09-08 23:04 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-05 17:56 . 2015-09-08 23:04 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-08-05 17:56 . 2015-09-08 23:04 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-08-05 17:40 . 2015-09-08 23:04 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2010-01-26 10:11 . 2015-01-20 00:52 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="c:\users\Youppizack\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"uTorrent"="c:\users\Youppizack\AppData\Roaming\uTorrent\uTorrent.exe" [2015-09-26 1821536]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-10-19 8551848]
"AtomicAlarmClock6"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2015-07-20 5320704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2015-08-11 134792]
"KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2015-10-12 509216]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-10-06 597040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"PMBVolumeWatcher"=c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
.
R1 DLACDBHE;DLACDBHE;c:\windows\system32\Drivers\DLACDBHE.SYS;c:\windows\SYSNATIVE\Drivers\DLACDBHE.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys;c:\windows\SYSNATIVE\DRIVERS\btcomport.sys [x]
R3 BtHidBus;BtHidBus;c:\windows\system32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\users\Youppizack\Mes Programmes\EVEREST.Ultimate.Edition v.5.50.2253+Keygen\Everest_Ultimate_Build_2253\kerneld.amd64;c:\users\bouhmadi\Mes Programmes\EVEREST.Ultimate.Edition v.5.50.2253+Keygen\Everest_Ultimate_Build_2253\kerneld.amd64 [x]
R3 evusbat;CDMA Modem AT Port;c:\windows\system32\DRIVERS\evusbat.sys;c:\windows\SYSNATIVE\DRIVERS\evusbat.sys [x]
R3 evusbdiag;CDMA Modem Service Port;c:\windows\system32\DRIVERS\evusbdiag.sys;c:\windows\SYSNATIVE\DRIVERS\evusbdiag.sys [x]
R3 evusbmdm;CDMA Modem USB Modem;c:\windows\system32\DRIVERS\evusbmdm.sys;c:\windows\SYSNATIVE\DRIVERS\evusbmdm.sys [x]
R3 evusbvoc;CDMA Modem Voice Port;c:\windows\system32\DRIVERS\evusbvoc.sys;c:\windows\SYSNATIVE\DRIVERS\evusbvoc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 IvtAudioBusSrv;IvtAudioBusSrv;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
R3 IvtComBusSrv;IvtComBusSrv;c:\windows\system32\Drivers\btcombus.sys;c:\windows\SYSNATIVE\Drivers\btcombus.sys [x]
R3 IvtPanBusSrv;IvtPanBusSrv;c:\windows\system32\Drivers\btnetBus.sys;c:\windows\SYSNATIVE\Drivers\btnetBus.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTSUER;Realtek USB Card Reader - UER;c:\windows\system32\Drivers\RtsUer.sys;c:\windows\SYSNATIVE\Drivers\RtsUer.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
R4 ALCATEL;ALCATEL;c:\program files\Modem OT-X080C\DataCardService.exe;c:\program files\Modem OT-X080C\DataCardService.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R4 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x]
R4 moohelp;The Cleaner 2011 Helper Service;c:\program files (x86)\The Cleaner\mhelper.exe;c:\program files (x86)\The Cleaner\mhelper.exe [x]
R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
R4 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS;c:\windows\SYSNATIVE\Drivers\DRVECDB.SYS [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd; [x]
S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS;c:\windows\SYSNATIVE\Drivers\DLARTL_E.SYS [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrvx64.sys;c:\windows\SYSNATIVE\drivers\rsdrvx64.sys [x]
S2 AtomicAlarmClock;Atomic Alarm Clock Time;c:\program files\Atomic Alarm Clock\timeserv.exe;c:\program files\Atomic Alarm Clock\timeserv.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DLABMFSE;DLABMFSE;c:\windows\system32\DLA\DLABMFSE.SYS;c:\windows\SYSNATIVE\DLA\DLABMFSE.SYS [x]
S2 DLABOIOE;DLABOIOE;c:\windows\system32\DLA\DLABOIOE.SYS;c:\windows\SYSNATIVE\DLA\DLABOIOE.SYS [x]
S2 DLADResE;DLADResE;c:\windows\system32\DLA\DLADResE.SYS;c:\windows\SYSNATIVE\DLA\DLADResE.SYS [x]
S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\DLA\DLAIFS_E.SYS;c:\windows\SYSNATIVE\DLA\DLAIFS_E.SYS [x]
S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\DLA\DLAOPIOE.SYS;c:\windows\SYSNATIVE\DLA\DLAOPIOE.SYS [x]
S2 DLAPoolE;DLAPoolE;c:\windows\system32\DLA\DLAPoolE.SYS;c:\windows\SYSNATIVE\DLA\DLAPoolE.SYS [x]
S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\DLA\DLAUDF_E.SYS;c:\windows\SYSNATIVE\DLA\DLAUDF_E.SYS [x]
S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\DLA\DLAUDFAE.SYS;c:\windows\SYSNATIVE\DLA\DLAUDFAE.SYS [x]
S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS;c:\windows\SYSNATIVE\Drivers\DRVEDDM.SYS [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2015-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 04:23]
.
2015-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-253613572-436576288-3170836619-1000Core.job
- c:\users\bouhmadi\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-08 19:19]
.
2015-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-253613572-436576288-3170836619-1000UA.job
- c:\users\bouhmadi\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-08 19:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-04-05 7520768]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-08-09 1425408]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0723EB37-EC3F-40D7-9491-F3B9EFCEFDCD}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{0723EB37-EC3F-40D7-9491-F3B9EFCEFDCD}\14E4F4E495D4F4553513430383: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Youppizack\AppData\Roaming\Mozilla\Firefox\Profiles\weo65ng9.default\
FF - prefs.js: browser.startup.homepage - hxxp://duckduckgo.com/
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKU-Default-Run-ZoneAlarm Windows 10 Upgrader - c:\programdata\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Coupe du monde 2014_is1 - c:\programfiles\cdm2014\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\EverestDriver]
"ImagePath"="\??\c:\users\Youppizack\Mes Programmes\EVEREST.Ultimate.Edition v.5.50.2253+Keygen\Everest_Ultimate_Build_2253\kerneld.amd64"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML.KJOE5CON4YSEURCOUTJD6SBO2M"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML.KJOE5CON4YSEURCOUTJD6SBO2M"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML.KJOE5CON4YSEURCOUTJD6SBO2M"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML.KJOE5CON4YSEURCOUTJD6SBO2M"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML.KJOE5CON4YSEURCOUTJD6SBO2M"
.
[HKEY_USERS\S-1-5-21-253613572-436576288-3170836619-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2015-10-31 03:27:36 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-10-31 03:27
.
Avant-CF: 75 473 014 784 octets libres
Après-CF: 74 958 454 784 octets libres
.
- - End Of File - - 740FDAE39B00A90278B9E90444CBB128
A36C5E4F47E84449FF07ED3517B43A31
Otherwise, is the disinfection certain?
Thank you very much for your help.