Antvir. is not a valid Win32 application

Closed
const - 31 Oct 2009 at 02:43
Destrio5 (Moderator) - 31 Oct 2009 at 02:45
Hello,

Thanks in advance for your advice.
I downloaded a Tetris game for my wife with eMule that turned out to be a bit infected with a trojan.
After installing it from a self-extracting zip archive, it blocks my antivirus programs, giving me the message "<antivirus name> is not a valid Win32 application".
Here is the ComboFix report run afterwards.

ComboFix 09-10-27.07 - DELL 28/10/2009 15:28.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2045.942 [GMT 1:00]
Launched from: c:\users\DELL\Documents\Downloads\ComboFi.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1156096930-2836191889-3919688664-500
c:\$recycle.bin\S-1-5-21-1476362192-855850843-1709228233-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\users\DELL\AppData\Roaming\drivers\downld
c:\users\DELL\AppData\Roaming\drivers\downld\1192487.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1195342.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1200427.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1207104.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1227743.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1227868.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1227883.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1235637.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1236151.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1236339.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1246915.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1247368.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1247383.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1265324.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1265948.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1266119.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1270472.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1271267.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1271954.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1304870.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1305229.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1305275.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1305587.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1305884.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1314651.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1315166.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1315182.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1318582.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1319269.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1319316.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1330563.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1331172.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1331187.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1338847.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1339908.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1340095.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1348160.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1348862.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1348878.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1356257.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1357427.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1358129.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1385273.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1388705.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1389547.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1397254.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1398673.exe
c:\users\DELL\AppData\Roaming\drivers\downld\1398985.exe
c:\users\DELL\AppData\Roaming\drivers\downld\150828568.exe
c:\users\DELL\AppData\Roaming\drivers\downld\150831906.exe
c:\users\DELL\AppData\Roaming\drivers\downld\150838021.exe
c:\users\DELL\AppData\Roaming\drivers\downld\150841797.exe
c:\users\DELL\AppData\Roaming\drivers\downld\150868535.exe
c:\users\DELL\AppData\Roaming\drivers\downld\150868738.exe
c:\users\DELL\AppData\Roaming\drivers\downld\150873746.exe
c:\users\DELL\AppData\Roaming\drivers\downld\150874401.exe
c:\users\DELL\AppData\Roaming\drivers\downld\150874604.exe
c:\users\DELL\AppData\Roaming\drivers\downld\150889018.exe
c:\users\DELL\AppData\Roaming\drivers\downld\150890235.exe
c:\users\DELL\AppData\Roaming\drivers\downld\150890251.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2512739.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2526311.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2544438.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2546061.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2630878.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2631190.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2636354.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2637618.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2638522.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2656369.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2657227.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2657305.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2684044.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2684933.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2685182.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2691220.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2693060.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2694870.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2792152.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2792729.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2792823.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2793104.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2793291.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2793307.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2806099.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2811153.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2813134.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2834194.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2839280.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2841059.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2854911.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2857673.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2857688.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2864771.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2867345.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2870465.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2898092.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2907796.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2908576.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2916298.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2918435.exe
c:\users\DELL\AppData\Roaming\drivers\downld\2919730.exe
c:\users\DELL\x.exe
c:\windows\system32\ban_list.txt
c:\windows\system32\oem7.inf
c:\users\DELL\AppData\Roaming\drivers\winupgro.exe . . . . could not be deleted
c:\windows\system32\mdelk.exe . . . . could not be deleted
c:\windows\system32\wintems.exe . . . . could not be deleted

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SK9OU0S
-------\Legacy_SROSA
-------\Service_sK9Ou0s


((((((((((((((((((((((((((((( Files created from 2009-09-28 to 2009-10-28 ))))))))))))))))))))))))))))))))))))
.

2009-10-28 15:44 . 2009-10-28 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-28 12:05 . 2009-10-28 13:18 7168 ----a-w- c:\windows\system32\srosa2.sys
2009-10-28 12:04 . 2009-10-28 15:56 -------- d--h--w- c:\users\DELL\AppData\Roaming\drivers
2009-10-27 22:42 . 2009-10-28 12:01 -------- d-----w- c:\program files\Advanced Tetric v3.45
2009-10-27 00:46 . 2001-10-28 16:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-10-27 00:46 . 1998-07-13 01:08 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-10-27 00:46 . 1998-07-13 01:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
2009-10-27 00:46 . 1998-07-13 01:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-10-27 00:46 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-10-27 00:46 . 2009-10-27 00:47 -------- d-----w- c:\program files\PDFCreator
2009-10-21 22:56 . 2009-10-21 22:56 -------- d-----w- c:\program files\Domain Tools
2009-10-19 18:35 . 2009-10-19 18:35 -------- d-----w- c:\users\DELL\AppData\Roaming\TourDeFlex.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-10-19 18:34 . 2009-10-19 18:35 -------- d-----w- c:\program files\TourDeFlex
2009-10-19 18:33 . 2009-10-19 18:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-17 00:15 . 2009-10-17 00:15 -------- d-----w- c:\windows\system32\Adobe
2009-10-08 23:51 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-03 21:39 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-03 21:39 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-03 21:39 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-03 21:39 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-03 21:38 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-03 21:38 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-03 21:38 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-03 21:37 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-03 21:37 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 15:55 . 2009-01-08 00:26 110488 ----a-w- c:\programdata\nvModes.dat
2009-10-28 15:53 . 2006-11-02 15:48 676694 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-28 15:53 . 2006-11-02 15:48 126800 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-28 09:21 . 2009-02-03 22:51 -------- d-----w- c:\program files\F-Secure
2009-10-27 08:55 . 2008-03-04 02:29 -------- d-----w- c:\program files\Java
2009-10-19 18:23 . 2008-09-27 15:53 -------- d-----w- c:\users\DELL\AppData\Roaming\FileZilla
2009-10-18 15:20 . 2009-02-03 08:42 -------- d-----w- c:\users\DELL\AppData\Roaming\Skype
2009-10-18 15:20 . 2008-09-19 12:21 -------- d-----w- c:\users\DELL\AppData\Roaming\skypePM
2009-10-10 22:19 . 2009-09-15 11:19 -------- d-----w- c:\programdata\Microsoft Help
2009-10-09 19:36 . 2009-08-23 22:15 -------- d-----w- c:\users\DELL\AppData\Roaming\vlc
2009-10-09 18:24 . 2009-08-18 10:27 -------- d-----w- c:\users\DELL\AppData\Roaming\dvdcss
2009-09-25 07:33 . 2009-01-27 01:00 7592 ----a-w- c:\users\DELL\AppData\Local\d3d9caps.dat
2009-09-19 16:00 . 2009-03-16 18:50 -------- d-----w- c:\users\DELL\AppData\Roaming\Winamp
2009-09-16 08:30 . 2008-07-17 14:54 100648 ----a-w- c:\users\DELL\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-15 11:22 . 2008-03-04 02:37 -------- d-----w- c:\program files\Microsoft Works
2009-09-15 10:39 . 2009-08-02 13:43 -------- d-----w- c:\users\DELL\AppData\Roaming\ChessBase
2009-09-15 10:39 . 2008-03-04 02:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-15 08:03 . 2009-09-15 08:05 423936 ----a-w- c:\windows\system32\eST3snm6.dll
2009-09-13 21:32 . 2008-03-04 02:41 -------- d-----w- c:\programdata\Roxio
2009-09-13 20:45 . 2009-09-13 20:44 -------- d-----w- c:\program files\MagicISO
2009-08-28 12:39 . 2009-09-02 22:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-02 22:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2008-12-16 13:23 . 2008-12-16 13:23 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-03-04 02:35 . 2008-03-04 02:35 76 --sh--r- c:\windows\CT4CET.bin
2008-03-04 10:13 . 2008-03-04 09:57 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Registry loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2006-07-09 856064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2006-07-09 856064]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-06-09 96800]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-10-28 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2009-10-28 1182304]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-02-25 37888]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

c:\users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
ProjectWhois.lnk - c:\program files\Domain Tools\ProjectWhois\ProjectWhois.exe [2006-11-21 147456]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-3-4 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^DELL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
path=c:\users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1476362192-855850843-1709228233-1000]
"EnableNotificationsRef"=dword:00000005

R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [16/02/2009 00:10 33920]
R2 {2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7};{2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7};c:\program files\Dell\MediaDirect\000.fcl [04/03/2008 03:50 39408]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [04/03/2008 03:18 73728]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [10/12/2008 00:10 24636]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [22/09/2008 12:40 14336]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [04/03/2008 11:13 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [04/03/2008 11:13 7424]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [16/02/2009 00:00 55904]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [04/03/2008 03:45 29744]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\System32\drivers\massfilter.sys [15/09/2008 13:26 7168]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\System32\drivers\ZTEusbnet.sys [23/06/2009 09:26 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\System32\drivers\zteusbvoice.sys [23/06/2009 09:26 104960]

--- Other Services/Drivers in memory ---

*NewlyCreated* - SROSA
*Deregistered* - mbr
*Deregistered* - srosa
.
Contents of the 'Scheduled Tasks' folder

2009-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1476362192-855850843-1709228233-1000Core.job
- c:\users\DELL\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-12 00:19]

2009-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1476362192-855850843-1709228233-1000UA.job
- c:\users\DELL\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-12 00:19]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://fr.yahoo.com
mStart Page = hxxp://fr.yahoo.com
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.04\AMVConverter\grab.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.04\MediaManager\grab.html
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 16:56
Windows 6.0.6001 Service Pack 1 NTFS

Scanning for hidden processes ...

c:\users\DELL\AppData\Roaming\hidires\flec003.exe [4156] 0x842D4800

Scanning for hidden autostart entries ...

Scanning for hidden files ...


c:\windows\system32\mdelk.exe 71684 bytes executable
c:\windows\system32\wfsintwq.sys 119188 bytes executable
c:\windows\system32\wintems.exe 71684 bytes executable
c:\users\DELL\AppData\Local\Temp\Temp2_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared
c:\users\DELL\AppData\Local\Temp\Temp2_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\calendar.gif 979 bytes
c:\users\DELL\AppData\Local\Temp\Temp2_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\glass-bg.gif 873 bytes
c:\users\DELL\AppData\Local\Temp\Temp2_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\left-btn.gif 870 bytes
c:\users\DELL\AppData\Local\Temp\Temp2_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\right-btn.gif 871 bytes
c:\users\DELL\AppData\Local\Temp\Temp2_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\warning.gif 960 bytes
c:\users\DELL\AppData\Local\Temp\Temp2_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared
c:\users\DELL\AppData\Local\Temp\Temp2_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\blue-loading.gif 3236 bytes
c:\users\DELL\AppData\Local\Temp\Temp2_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\calendar.gif 979 bytes
c:\users\DELL\AppData\Local\Temp\Temp2_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\glass-bg.gif 873 bytes
c:\users\DELL\AppData\Local\Temp\Temp2_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\hd-sprite.gif 1099 bytes
c:\users\DELL\AppData\Local\Temp\Temp2_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\large-loading.gif 3236 bytes
c:\users\DELL\AppData\Local\Temp\Temp2_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\left-btn.gif 870 bytes
c:\users\DELL\AppData\Local\Temp\Temp2_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\loading-balls.gif 2118 bytes
c:\users\DELL\AppData\Local\Temp\Temp2_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\right-btn.gif 871 bytes
c:\users\DELL\AppData\Local\Temp\Temp2_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\warning.gif 960 bytes
c:\users\DELL\AppData\Local\Temp\Temp3_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared
c:\users\DELL\AppData\Local\Temp\Temp3_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\calendar.gif 979 bytes
c:\users\DELL\AppData\Local\Temp\Temp3_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\glass-bg.gif 873 bytes
c:\users\DELL\AppData\Local\Temp\Temp3_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\left-btn.gif 870 bytes
c:\users\DELL\AppData\Local\Temp\Temp3_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\right-btn.gif 871 bytes
c:\users\DELL\AppData\Local\Temp\Temp3_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\warning.gif 960 bytes
c:\users\DELL\AppData\Local\Temp\Temp3_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared
c:\users\DELL\AppData\Local\Temp\Temp3_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\blue-loading.gif 3236 bytes
c:\users\DELL\AppData\Local\Temp\Temp3_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\calendar.gif 979 bytes
c:\users\DELL\AppData\Local\Temp\Temp3_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\glass-bg.gif 873 bytes
c:\users\DELL\AppData\Local\Temp\Temp3_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\hd-sprite.gif 1099 bytes
c:\users\DELL\AppData\Local\Temp\Temp3_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\large-loading.gif 3236 bytes
c:\users\DELL\AppData\Local\Temp\Temp3_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\left-btn.gif 870 bytes
c:\users\DELL\AppData\Local\Temp\Temp3_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\loading-balls.gif 2118 bytes
c:\users\DELL\AppData\Local\Temp\Temp3_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\right-btn.gif 871 bytes
c:\users\DELL\AppData\Local\Temp\Temp3_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\warning.gif 960 bytes
c:\users\DELL\AppData\Local\Temp\Temp2_Autorun.zip\Autorun.inf 92 bytes
c:\users\DELL\AppData\Local\Temp\Temp3_Autorun.zip\Autorun.inf 92 bytes
c:\users\DELL\AppData\Local\Temp\Temp4_Autorun.zip\Autorun.inf 92 bytes
c:\users\DELL\AppData\Local\Temp\Temp4_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared
c:\users\DELL\AppData\Local\Temp\Temp4_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\calendar.gif 979 bytes
c:\users\DELL\AppData\Local\Temp\Temp4_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\glass-bg.gif 873 bytes
c:\users\DELL\AppData\Local\Temp\Temp4_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\left-btn.gif 870 bytes
c:\users\DELL\AppData\Local\Temp\Temp4_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\right-btn.gif 871 bytes
c:\users\DELL\AppData\Local\Temp\Temp4_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\warning.gif 960 bytes
c:\users\DELL\AppData\Local\Temp\Temp4_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared
c:\users\DELL\AppData\Local\Temp\Temp4_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\blue-loading.gif 3236 bytes
c:\users\DELL\AppData\Local\Temp\Temp4_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\calendar.gif 979 bytes
c:\users\DELL\AppData\Local\Temp\Temp4_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\glass-bg.gif 873 bytes
c:\users\DELL\AppData\Local\Temp\Temp4_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\hd-sprite.gif 1099 bytes
c:\users\DELL\AppData\Local\Temp\Temp4_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\large-loading.gif 3236 bytes
c:\users\DELL\AppData\Local\Temp\Temp4_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\left-btn.gif 870 bytes
c:\users\DELL\AppData\Local\Temp\Temp4_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\loading-balls.gif 2118 bytes
c:\users\DELL\AppData\Local\Temp\Temp4_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\right-btn.gif 871 bytes
c:\users\DELL\AppData\Local\Temp\Temp4_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\warning.gif 960 bytes
c:\users\DELL\AppData\Local\Temp\Temp5_Autorun.zip\Autorun.inf 92 bytes
c:\users\DELL\AppData\Local\Temp\Temp5_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared
c:\users\DELL\AppData\Local\Temp\Temp5_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\calendar.gif 979 bytes
c:\users\DELL\AppData\Local\Temp\Temp5_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\glass-bg.gif 873 bytes
c:\users\DELL\AppData\Local\Temp\Temp5_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\left-btn.gif 870 bytes
c:\users\DELL\AppData\Local\Temp\Temp5_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\right-btn.gif 871 bytes
c:\users\DELL\AppData\Local\Temp\Temp5_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\warning.gif 960 bytes
c:\users\DELL\AppData\Local\Temp\Temp5_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared
c:\users\DELL\AppData\Local\Temp\Temp5_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\blue-loading.gif 3236 bytes
c:\users\DELL\AppData\Local\Temp\Temp5_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\calendar.gif 979 bytes
c:\users\DELL\AppData\Local\Temp\Temp5_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\glass-bg.gif 873 bytes
c:\users\DELL\AppData\Local\Temp\Temp5_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\hd-sprite.gif 1099 bytes
c:\users\DELL\AppData\Local\Temp\Temp5_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\large-loading.gif 3236 bytes
c:\users\DELL\AppData\Local\Temp\Temp5_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\left-btn.gif 870 bytes
c:\users\DELL\AppData\Local\Temp\Temp5_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\loading-balls.gif 2118 bytes
c:\users\DELL\AppData\Local\Temp\Temp5_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\right-btn.gif 871 bytes
c:\users\DELL\AppData\Local\Temp\Temp5_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\warning.gif 960 bytes
c:\users\DELL\AppData\Local\Temp\Temp1_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared
c:\users\DELL\AppData\Local\Temp\Temp1_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\calendar.gif 979 bytes
c:\users\DELL\AppData\Local\Temp\Temp1_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\glass-bg.gif 873 bytes
c:\users\DELL\AppData\Local\Temp\Temp1_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\left-btn.gif 870 bytes
c:\users\DELL\AppData\Local\Temp\Temp1_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\right-btn.gif 871 bytes
c:\users\DELL\AppData\Local\Temp\Temp1_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\include\javascript\ext-1.1.1\resources\images\default\shared\warning.gif 960 bytes
c:\users\DELL\AppData\Local\Temp\Temp1_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared
c:\users\DELL\AppData\Local\Temp\Temp1_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\blue-loading.gif 3236 bytes
c:\users\DELL\AppData\Local\Temp\Temp1_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\calendar.gif 979 bytes
c:\users\DELL\AppData\Local\Temp\Temp1_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\glass-bg.gif 873 bytes
c:\users\DELL\AppData\Local\Temp\Temp1_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\hd-sprite.gif 1099 bytes
c:\users\DELL\AppData\Local\Temp\Temp1_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\large-loading.gif 3236 bytes
c:\users\DELL\AppData\Local\Temp\Temp1_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\left-btn.gif 870 bytes
c:\users\DELL\AppData\Local\Temp\Temp1_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\loading-balls.gif 2118 bytes
c:\users\DELL\AppData\Local\Temp\Temp1_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\right-btn.gif 871 bytes
c:\users\DELL\AppData\Local\Temp\Temp1_SugarCE-5.1.0b.zip\SugarCE-Full-5.1.0b\themes\default\ext\resources\images\default\shared\warning.gif 960 bytes
c:\users\DELL\AppData\Local\Temp\Temp1_Autorun.zip\Autorun.inf 92 bytes
c:\users\DELL\AppData\Roaming\drivers\downld
c:\users\DELL\AppData\Roaming\drivers\winupgro.exe 856064 bytes executable
c:\users\DELL\AppData\Roaming\hidires
c:\users\DELL\AppData\Roaming\hidires\flec003.exe 2557956 bytes executable
c:\users\DELL\AppData\Roaming\hidires\lang
c:\users\DELL\AppData\Roaming\hidires\names.txt 4194 bytes
c:\users\DELL\AppData\Roaming\hidires\WDIR
c:\users\DELL\AppData\Roaming\hidires\webserver

Scan terminé avec succès
Fichiers cachés: 96

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"="c:\\Users\\DELL\\AppData\\Roaming\\drivers\\winupgro.exe"
"german.exe"="c:\\Windows\\system32\\wintems.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa]
"ImagePath"="\??\c:\windows\system32\wfsintwq.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\Dell\MediaDirect\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(2276)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WLANExt.exe
c:\windows\System32\bcmwltry.exe
c:\xampp\filezillaftp\filezillaserver.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\combofi\CF48.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Yahoo!\Messenger\YahooMessenger.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\combofi\PEV.cfxxe
.
**************************************************************************
.
Heure de fin: 2009-10-28 17:07 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-28 16:07

Avant-CF: 36 760 334 336 octets libres
Après-CF: 41 206 525 952 octets libres

- - End Of File - - D17781E3080EA6E0A229DB8F41AD43C7

1 reply

Destrio5 (Moderator, 85985 posts, registered Sunday 11 July 2010, last active 17 February 2023)
31 Oct 2009 at 02:45
Hello,

This is a Bagle infection.

--> Download FindyKill (by Chiquitine29 & C_XX) to your Desktop.

--> Double-click FindyKill on your Desktop.

--> Type F then Enter for French.

--> In the main menu, choose option 1 (Search).

--> Post the FindyKill.txt report.

Note: the FindyKill.txt report is saved at the root of the disk.
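As an added example (not part of this thread, and not FindyKill's or ComboFix's own code), a small Python triage script that parses the registry section of the ComboFix log quoted above and flags the entries the moderator identified as Bagle, plus any Run value that launches from a user's AppData folder; the indicator names and the sample lines are taken from this post, and the regexes are an assumption about ComboFix's output layout.

```python
import re

# Constructed sample input: the registry lines from the ComboFix log above,
# re-typed here so the script runs offline.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"="c:\\Users\\DELL\\AppData\\Roaming\\drivers\\winupgro.exe"
"german.exe"="c:\\Windows\\system32\\wintems.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa]
"ImagePath"="\??\c:\windows\system32\wfsintwq.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\Dell\MediaDirect\000.fcl"
"""

# Value names, binaries and service names the moderator's Bagle diagnosis
# rests on (all of them appear in the log above).
BAGLE_NAMES = {"drvsyskit", "german.exe", "wintems.exe", "winupgro.exe", "srosa"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")          # [HKEY_...\Run]
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"="?(?P<data>.*?)"?$')  # "name"="data"

def parse_registry(text):
    """Yield (key, value_name, data) for every value line under its key."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VAL_RE.match(line)
        if m and key:
            # .reg-style output doubles backslashes; normalise to single ones.
            yield key, m.group("name"), m.group("data").replace("\\\\", "\\")

def triage(text):
    """Return (key, name, data, reasons) for entries that match a known Bagle
    name, or for Run values launching from a user profile's AppData folder."""
    findings = []
    for key, name, data in parse_registry(text):
        data_l = data.lower()
        basename = data_l.rsplit("\\", 1)[-1]      # file name of the launched binary
        service = key.rsplit("\\", 1)[-1].lower()  # last key component (service name)
        reasons = []
        if {name.lower(), basename, service} & BAGLE_NAMES:
            reasons.append("known Bagle indicator")
        if key.endswith("\\Run") and "\\appdata\\" in data_l:
            reasons.append("autorun from user AppData")
        if reasons:
            findings.append((key, name, data, reasons))
    return findings
```

The Dell MediaDirect service in the sample is left unflagged, which is the point of matching on names rather than on every non-Microsoft entry.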