Configuration: Windows Vista Firefox 3.0.1
Post your HijackThis report.

It doesn't work, even after renaming it!! Here is my ComboFix:
ComboFix 08-08-16.01 - SYSTEM 2008-08-18 10:23:10.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium Edition 6.0.6000.0.1252.1.1036.18.1679 [GMT 2:00]
Location: C:\Users\Max\Desktop\Tralala.exe
 * Resident AV is active.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\InfoSat.txt
C:\Users\Enzo\AppData\Roaming\Microsoft\SystemCertificates\My
C:\Users\Max\AppData\Roaming\Microsoft\SystemCertificates\My
C:\Users\Max\AppData\Roaming\Microsoft\Windows\Cookies\max@bluestreak[1].txt
C:\Users\Max\AppData\Roaming\Microsoft\Windows\Cookies\max@edt02[2].txt
C:\Users\Max\AppData\Roaming\Microsoft\Windows\Cookies\max@serving-sys[1].txt
C:\Users\Sophie\AppData\Roaming\Microsoft\SystemCertificates\My
C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Cookies\sophie@edt02[2].txt
C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Cookies\sophie@serving-sys[2].txt
C:\Windows\msnimport.exe
C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\mdelk.exe
C:\Windows\system32\x64
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
-------\Service_srosa

((((((((((((((((((((((((((((( Files created 2008-07-18 to 2008-08-18 ))))))))))))))))))))))))))))))))))))
.
No new files created in this time span
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 07:34 --------- d-----w C:\Program Files\Sophos
2008-08-18 01:08 --------- d-----w C:\Program Files\Windows Mail
2008-08-17 23:18 --------- d-----w C:\Program Files\Norton Internet Security
2008-08-17 23:18 --------- d-----w C:\Program Files\Microsoft Works
2008-08-17 23:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-17 19:12 --------- d-----w C:\Program Files\Trend Micro
2008-08-17 13:02 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-08-16 19:51 --------- d-----w C:\Users\Max\AppData\Roaming\Malwarebytes
2008-08-16 19:51 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 19:51 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-08-16 19:36 --------- d-----w C:\Program Files\Panda Security
2008-08-16 18:00 --------- d-----w C:\Program Files\Alwil Software
2008-08-16 17:11 --------- d-----w C:\PROGRA~2\Symantec
2008-08-16 16:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-06 11:27 --------- d-----w C:\Program Files\Common Files\Steam
2008-08-06 08:54 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-08-04 16:22 --------- d-----w C:\Users\Max\AppData\Roaming\Real Desktop
2008-07-22 11:15 --------- d-----w C:\Program Files\VirtualDJ
2008-07-22 09:51 --------- d-----w C:\Users\Max\AppData\Roaming\GetRightToGo
2008-07-22 09:07 --------- d-----w C:\Users\Max\AppData\Roaming\Apple Computer
2008-07-22 09:06 --------- d-----w C:\Program Files\iTunes
2008-07-22 09:06 --------- d-----w C:\Program Files\iPod
2008-07-22 09:06 --------- d-----w C:\PROGRA~2\Apple Computer
2008-07-21 19:27 --------- d-----w C:\Program Files\QuickTime
2008-07-21 19:27 --------- d-----w C:\Program Files\Bonjour
2008-07-21 19:25 --------- d-----w C:\Program Files\Apple Software Update
2008-07-21 19:24 --------- d-----w C:\Program Files\Common Files\Apple
2008-07-21 19:24 --------- d-----w C:\PROGRA~2\Apple
2008-07-10 15:05 174 --sha-w C:\Program Files\desktop.ini
2008-07-03 11:33 --------- d-----w C:\Program Files\Trials 2 Second Edition
2008-07-03 11:33 --------- d-----w C:\Program Files\OpenAL
2008-07-03 01:55 --------- d-----w C:\Users\Max\AppData\Roaming\Free Download Manager
2008-06-28 17:28 --------- d-----w C:\Program Files\Picasa2
2008-06-28 17:28 --------- d-----w C:\Program Files\Google
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-06 16:03 22,328 ----a-w C:\Users\Max\AppData\Roaming\PnkBstrK.sys
2006-04-30 21:10 7,158,784 ----a-w C:\Users\Max\Oblivion.exe
2006-03-25 14:57 22,016 ----a-w C:\Users\Max\Oblivion_All_Languages_NoDVD.exe
.
((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-08-18 10:19 107112]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2008-08-18 10:19 22696]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 12:39 151552]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2006-08-08 10:06 708616]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-08-08 10:06 708616]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 11:56 423424]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"V0230Mon.exe"="C:\Windows\V0230Mon.exe" [2006-09-07 02:01 32768]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35 176128]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]
"RtHDVCpl"="RtHDVCpl.exe" [2006-08-08 10:06 708616 C:\Windows\System32\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-03 19:07:23 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3006126301-1578542936-2715256611-1003]
"EnableNotificationsRef"=dword:00000004
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{722D1D9F-5885-4D78-9DA5-2079562B23C7}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BE342372-9CEB-4827-80F2-75D04B42BCD6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E6316576-679F-4665-9D38-E34D3DFC70A6}"= C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{34B087DC-CD9D-44C6-B626-3F79DC528461}"= C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{AE078BE2-6F15-4D46-9C88-57063ADCD039}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{A0645421-8520-4699-BD1C-254AAC4ACF0C}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{A267EABF-3BE8-45D5-97BE-20BDC6E94454}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{B65BD99F-0C27-4848-9D05-2EF76839A98F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{63ED5734-C34C-4108-B30E-7A68A4E37CF7}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{5C9100D0-6E96-4D13-A069-91D6253E974F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{1FEA4046-16A6-4104-BBA3-4A52AC6058CA}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F21B0008-368B-464F-B72B-32C2ED450D31}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{72E5566D-93F1-447B-B55F-36D91E7CE801}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{CBB98356-FEB1-4F1D-AD20-328376C01391}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{4EA560A4-A1AD-490E-B7DC-8A5CA26B32F3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{13FCDB65-9605-496A-9376-EE958E7CE785}"= Disabled:UDP:C:\Users\Sophie\Desktop\incredimail_install.exe:IncrediMail Installer
"{06B24F33-CCFA-4591-8C2A-43D8780ED991}"= Disabled:TCP:C:\Users\Sophie\Desktop\incredimail_install.exe:IncrediMail Installer
"{3EAFD950-B855-4343-B5E6-D4EE1C5CFE80}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0DAD94A7-6615-4A29-8E0E-5C5B489A60F8}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0BA2B1EF-2E95-4136-9A26-66CCE3C4F8DD}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{9BD7D90E-C2C5-48D6-A0A6-B1D24AC6D299}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{C976A610-71D2-4138-9C3D-3D13A03BDDC8}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{ED7352BB-FCAF-42B9-A79B-37BBEF79A40C}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{23972178-9F29-4C36-9836-81AB27CB1B4A}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{69F65F90-AE40-409B-84D8-E82490A5C3CF}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4B2B9988-801D-46A7-B7F7-2B5B772D2D33}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9BC49054-781C-4BCD-B99E-2F39D931C498}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{C25FCB01-05AD-4438-8D7D-33F9F851B9E2}"= UDP:C:\Users\Max\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{1BE80DFF-11FE-4C2A-BD20-317488140744}"= TCP:C:\Users\Max\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{045C99CF-81E6-4F27-8D3E-2CE8A4C1FD42}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{70D07A8C-0B5D-49B9-9307-4A3B7AC694D9}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"TCP Query User{C3305525-5063-4753-9991-26A4E629A15F}C:\\program files\\valve\\steam\\steamapps\\cococerise\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe:hl2
"UDP Query User{7120ECFE-090D-4255-8008-E2A3FD5EDEA8}C:\\program files\\valve\\steam\\steamapps\\cococerise\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe:hl2
"{834019A6-1007-4639-AD21-2C2390734716}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{7C515A61-FD49-401B-836A-0ED2C3D00E27}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{3E5FF350-6E17-49BB-9CBD-ACF024C7B720}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7E4081CB-839A-450E-8507-B20123812CF9}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4D7503EF-EA76-48EF-8853-F9972D9EDF5C}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{4CD403E8-C83E-41B8-A895-FCEE1A4D6CCB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8151E3B8-D46D-4564-BEA6-6557386D5320}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{B0406940-8CA9-4E6F-9CF3-E4C13EC133EC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E14E56EE-22BE-48C4-8FE1-DD4F0B378052}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-11-04 03:24]
S1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080122.002\IDSvix86.sys [2007-11-06 18:07]
S2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 10:03]
S2 nmsgopro;GoProto Protocol Driver for NMS;C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 17:37]
S2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 16:49]
S3 IntelDHSvcConf;IntelDHSvcConf;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-11-18 07:59]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-04 18:28]
S3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-11-21 06:34]
S3 V0230Vfx;V0230Vfx;C:\Windows\system32\DRIVERS\V0230Vfx.sys [2006-03-24 02:00]
S3 V0230VID;Live! Cam Video IM Pro;C:\Windows\system32\DRIVERS\V0230VID.sys [2007-08-07 02:03]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2008-08-18 C:\Windows\Tasks\User_Feed_Synchronization-{08F52541-BB99-43D5-B22D-6E24A2A342B5}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
2008-08-17 C:\Windows\Tasks\User_Feed_Synchronization-{399B12F5-B8AF-4FB0-AE82-B196D11AB044}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
2008-08-18 C:\Windows\Tasks\User_Feed_Synchronization-{7069164B-34C3-444F-A488-9B5EFDB50680}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-IgfxTray - C:\Windows\system32\igfxtray.exe
HKLM-Run-HotKeysCmds - C:\Windows\system32\hkcmd.exe
HKLM-Run-Persistence - C:\Windows\system32\igfxpers.exe
HKLM-Run-Apanel - C:\ACERSW\config\SetApanel.cmd
HKLM-Run-zzz_ImInstaller_IncrediMail - C:\Users\Sophie\AppData\Local\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Windows\System32\config\SYSTEM~1\AppData\Roaming\Mozilla\Firefox\Profiles\feblkjzc.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 10:28:40
Windows 6.0.6000 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\HelpPane.exe
.
**************************************************************************
.
Completion time: 2008-08-18 10:33:07 - machine was rebooted [SYSTEM]
ComboFix-quarantined-files.txt 2008-08-18 08:31:59
Pre-Run: The message text for the number 0x2379 could not be found in the message file for Application.
Post-Run: 44,149,485,568 bytes free
229 --- E O F --- 2008-08-18 01:02:51
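Two things in the ComboFix report above matter beyond the four Bagle files and the srosa service it removed: the registry section also records UAC switched off (EnableLUA = 0), the Windows Firewall disabled in all three profiles (EnableFirewall = 0 under DomainProfile, StandardProfile and PublicProfile) and Security Center monitoring and its alerts disabled. Whether the user or the malware set those, they have to be put back once the machine is clean, and they are easy to miss in a log this long. The script below is an added example, not code from ComboFix, FindB or anyone in this thread: it pulls those two classes of finding out of a ComboFix-style (or FindB-style) log. The indicator names are the ones FindB tests for later in the thread; the "weak setting" rules are my own reading of the registry section; SAMPLE_LOG is a constructed excerpt of the posted report.

```python
"""Triage a ComboFix-style log for Bagle (srosa) artefacts and for security
settings the report shows switched off.

Added example for this thread; not ComboFix, FindB or HijackThis code.
"""
import re

# File/service names FindB checks for (from the FindB report in this thread).
# Matches a path component or a Service_/Legacy_ suffix, case-insensitively.
BAGLE_RE = re.compile(
    r'(?i)(?:\\|_)(?P<name>srosa(?:\.sys)?|hldrrr\.exe|mdelk\.exe|wintems\.exe'
    r'|ban_list\.txt|flec006\.exe|downld)(?=$|[\\"\s\]])'
)

# (registry key suffix, value name, value that is bad, what it means).
# The Symantec* subkeys under Monitoring are left out on purpose: a third-party
# AV registers its own entries there, so only the parent key is suspicious.
WEAK_SETTINGS = [
    (r"policies\system", "EnableLUA", "0", "UAC disabled"),
    (r"firewallpolicy\domainprofile", "EnableFirewall", "0", "Windows Firewall off (domain profile)"),
    (r"firewallpolicy\standardprofile", "EnableFirewall", "0", "Windows Firewall off (private profile)"),
    (r"firewallpolicy\publicprofile", "EnableFirewall", "0", "Windows Firewall off (public profile)"),
    (r"security center\monitoring", "DisableMonitoring", "1", "Security Center monitoring disabled"),
    (r"security center", "UacDisableNotify", "1", "Security Center UAC alerts suppressed"),
    (r"security center", "InternetSettingsDisableNotify", "1", "Security Center Internet-settings alerts suppressed"),
    (r"security center", "AutoUpdateDisableNotify", "1", "Security Center Windows Update alerts suppressed"),
]

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.+?)\s*$')


def _normalise(raw):
    """ComboFix prints DWORDs two ways: '0 (0x0)' and 'dword:00000001'."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return str(int(m.group(1), 16))
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return m.group(1)
    return raw


def triage(log_text):
    """Return Bagle artefacts and weakened settings found in the log text."""
    artefacts, weak = [], []
    section = ""
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()   # ComboFix prints [key] before its values
            continue
        if line.endswith("Absent"):            # FindB lists paths it did NOT find too
            continue
        m = BAGLE_RE.search(line)
        if m:
            artefacts.append((m.group("name").lower(), line))
            continue
        m = VALUE_RE.match(line)
        if not (m and section):
            continue
        name, val = m.group("name"), _normalise(m.group("val"))
        for suffix, want, bad, meaning in WEAK_SETTINGS:
            if section.endswith(suffix.lower()) and name.lower() == want.lower() and val == bad:
                weak.append((name, section, meaning))
    return {"bagle_artefacts": artefacts, "weak_settings": weak}


# Constructed excerpt of the ComboFix report posted above (not the full log).
SAMPLE_LOG = r"""
ComboFix 08-08-16.01 - SYSTEM 2008-08-18 10:23:10.1 - NTFSx86 MINIMAL
(((( Other deletions ))))
C:\Windows\msnimport.exe
C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\mdelk.exe
(((( Drivers/Services ))))
-------\Legacy_SROSA
-------\Service_srosa
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-08-18 10:19 107112]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, line in result["bagle_artefacts"]:
        print("BAGLE  ", name, "->", line)
    for name, key, meaning in result["weak_settings"]:
        print("WEAK   ", meaning, f"({name} under {key})")
```

On the excerpt this reports the three driver-directory files, the `downld` folder and the srosa service twice (Legacy and Service entries), plus eight weakened settings. `msnimport.exe`, which ComboFix also deleted, is not in the list because FindB does not check for it; extend `BAGLE_RE` if you want it flagged. The same function works on the FindB report further down, since lines ending in "Absent" are skipped.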
No no, send me your HijackThis report, it's easier to decipher lol

But you're doing it on purpose, HIJACKTHIS doesn't work!!!! (Not a valid Win32 application!)

Argh, then you have a big problem... do you have a backup of your registry from before?

I don't know, how do you tell whether a registry backup was made? (sorry, it's the family PC =S) (and I'm 14)

If it's the family PC and there's a mess like that on it, download Avast, and pray that after the next reboot it has removed everything

What did I say!!!! READ MY FIRST MESSAGE!!!!! NO ANTIVIRUS WORKS!

Hi Max,
Download FindB to your desktop: http://www.sendspace.com/file/nantsy
Unzip FindB.
In the folder that was created, double-click FindB or FindB.cmd.
Post the FindB.txt report that opened.
Note: the FindB.txt report is saved at the root of the drive.

Worth discovering: Estopa, Rosario Flores, La Oreja De Van Gogh
Happy listening, see you, TChiki.

Here's the FindB report ^^ :
+- FindB by Chiquitine29
+- Run on: 2008-08-18 at 11:49:28.29
+- Searching for Bagle files:
C:\Windows\system32\mdelk.exe Absent
C:\Windows\system32\wintems.exe Absent
C:\Windows\system32\ban_list.txt Absent
C:\Windows\system32\drivers\mdelk.exe Present!!
C:\Windows\system32\drivers\srosa.sys Present!!
C:\Windows\system32\drivers\hldrrr.exe Present!!
C:\Users\Max\AppData\Roaming\m\flec006.exe Absent
C:\Windows\system32\drivers\downld Present!!
C:\Users\Max\AppData\Roaming\m Absent
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
RtHDVCpl REG_SZ RtHDVCpl.exe
ccApp REG_SZ "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
osCheck REG_SZ "c:\Program Files\Norton Internet Security\osCheck.exe"
IAAnotif REG_SZ "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
Acer Empowering Technology Monitor REG_SZ C:\Acer\Empowering Technology\SysMonitor.exe
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
CCUTRAYICON REG_SZ FactoryMode
NMSSupport REG_SZ "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
V0230Mon.exe REG_SZ C:\Windows\V0230Mon.exe
Symantec PIF AlertEng REG_SZ "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NeroFilterCheck REG_SZ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
WPCUMI REG_SZ C:\Windows\system32\WpcUmi.exe
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Steam REG_SZ "c:\program files\valve\steam\steam.exe" -silent
Speech Recognition REG_SZ "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
Real Desktop REG_SZ "C:\Program Files\Real Desktop\Real Desktop.exe"
+- Search finished!
+- End of report

Thanks for your help.
1) Delete all your cracks and keygens, otherwise the infection will start up again.

2) Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Double-click OTMoveIt.exe to launch it. Make sure the box Unregister Dll's and Ocx's is checked. Copy the list below and paste it into the left pane of OTMoveIt: Paste List of Files/Folders to be moved.
C:\Windows\system32\drivers\mdelk.exe
C:\Windows\system32\drivers\srosa.sys
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\downld
Click MoveIt! to start the removal. The result will appear in the "Results" pane. Click Exit to close. Post the report located in C:\_OTMoveIt\MovedFiles. You may be asked to restart the PC to complete the removal; if so, accept with Yes.

3) Run Tralala.exe (ComboFix) again and post its report.
sniff:

File move failed. C:\Windows\system32\drivers\mdelk.exe scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\srosa.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\hldrrr.exe scheduled to be moved on reboot.
Folder move failed. C:\Windows\system32\drivers\downld scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08182008_120259

Files moved on Reboot...
File move failed. C:\Windows\system32\drivers\mdelk.exe scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\srosa.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\hldrrr.exe scheduled to be moved on reboot.
Folder move failed. C:\Windows\system32\drivers\downld scheduled to be moved on reboot.
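"File move failed ... scheduled to be moved on reboot" is what a removal tool falls back to when a loaded driver (here srosa.sys) keeps its files open: the deferred-move mechanism of Windows, MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, which appends source/destination pairs to the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager and lets the Session Manager replay them early in the next boot, before the normal service and driver start-up. The block below is an added example, not OTMoveIt's or ComboFix's code; that OTMoveIt uses exactly this mechanism is my assumption from its wording. It builds and reads that value offline (nothing touches a live registry), using the documented conventions: sources are NT paths (`\??\C:\...`), an empty destination means delete, and a `!` prefix on the destination means replace an existing target.

```python
"""Build and parse the PendingFileRenameOperations value behind
"scheduled to be moved on reboot".

Added example for this thread; not OTMoveIt's or ComboFix's code.
Assumption: OTMoveIt schedules its deferred deletes through
MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT), which stores pairs in this value.
"""

PENDING_KEY = r"HKLM\SYSTEM\CurrentControlSet\Control\Session Manager"
PENDING_VALUE = "PendingFileRenameOperations"


def nt_path(win_path):
    """Win32 path -> NT namespace path, the form stored in the value."""
    return "\\??\\" + win_path


def pending_ops(deletes=(), moves=(), replace_existing=True):
    """Flat string list of (source, destination) pairs.

    Empty destination = delete the source at boot; a '!' prefix on the
    destination = MOVEFILE_REPLACE_EXISTING semantics for the move.
    """
    ops = []
    for src in deletes:
        ops += [nt_path(src), ""]
    for src, dst in moves:
        ops += [nt_path(src), ("!" if replace_existing else "") + nt_path(dst)]
    return ops


def encode_multi_sz(strings):
    """REG_MULTI_SZ bytes: each string NUL-terminated, list NUL-terminated, UTF-16LE."""
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")


def decode_pending(blob):
    """Parse the value back into (source, destination) pairs.

    Empty strings are meaningful here (they mark deletes), so walk the whole
    buffer instead of stopping at the first empty string the way a generic
    REG_MULTI_SZ reader might.
    """
    text = blob.decode("utf-16-le")
    if not text.endswith("\0"):
        raise ValueError("REG_MULTI_SZ is not NUL-terminated")
    # Drop the list terminator, split on NUL, drop the last string's own terminator.
    items = text[:-1].split("\0")[:-1]
    if len(items) % 2:
        raise ValueError("odd number of strings: value is corrupt")
    return list(zip(items[0::2], items[1::2]))


def describe(pairs):
    """Classify each pair as delete / replace / move for a human reader."""
    out = []
    for src, dst in pairs:
        if dst == "":
            out.append(("delete", src, None))
        elif dst.startswith("!"):
            out.append(("replace", src, dst[1:]))
        else:
            out.append(("move", src, dst))
    return out


if __name__ == "__main__":
    # The files OTMoveIt could not remove while srosa.sys was loaded (from the thread).
    targets = [
        r"C:\Windows\system32\drivers\mdelk.exe",
        r"C:\Windows\system32\drivers\srosa.sys",
        r"C:\Windows\system32\drivers\hldrrr.exe",
    ]
    blob = encode_multi_sz(pending_ops(deletes=targets))
    print(f"{PENDING_KEY}\\{PENDING_VALUE} = {len(blob)} bytes")
    for op in describe(decode_pending(blob)):
        print(op)
```

Two caveats a responder should keep in mind. A kernel driver that is registered to start at boot is already resident when the Session Manager replays this list, so a deferred delete is not guaranteed to beat a rootkit; that is why the next step in the thread is to run ComboFix again after the reboot and confirm in its log that the files and the srosa service are gone. And because the value is just a registry entry, anything running as an administrator can add to it, so when you inspect a compromised machine, read it (Sysinternals PendMoves shows it) rather than assume only your own tool has written there.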
OK, reboot and run tralala.exe (ComboFix).
Hello, I'm infected with the Bagen Win 32 virus (Vista, looking for a solution to the problem caused by a BSOD).
HijackThis: doesn't work
Eglibagla: removes nothing but reports the presence of an Srosa.sys and an hldrrr.exe
Norton: doesn't work
Avast: doesn't work
ComboFix: where is the report, please?
Gmer: finds Srosa (HIDDEN), but it's impossible to disable or delete the service.
Thanks for your upcoming answers.

Just to be precise, with 2 antivirus products on one computer, the computer will be at much greater risk. Especially with Norton and Avast... But I think Chiquitine will do what's needed :) Have a good day.

Don't worry, the two weren't tested installed side by side ;)
ComboFix log:

ComboFix 08-08-16.01 - SYSTEM 2008-08-18 12:33:33.3 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium Edition 6.0.6000.0.1252.1.1036.18.1691 [GMT 2:00]
Location: C:\Users\Max\Desktop\Tralala.exe
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Max\AppData\Roaming\Microsoft\SystemCertificates\My
C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\mdelk.exe
.
---- Previous Run -------
.
C:\Users\Max\AppData\Roaming\Microsoft\SystemCertificates\My
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
-------\Legacy_SROSA
-------\Service_srosa

((((((((((((((((((((((((((((( Files created 2008-07-18 to 2008-08-18 ))))))))))))))))))))))))))))))))))))
.
No new files created in this time span
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 09:02 --------- d-----w C:\Program Files\Human
2008-08-18 07:34 --------- d-----w C:\Program Files\Sophos
2008-08-18 01:08 --------- d-----w C:\Program Files\Windows Mail
2008-08-17 23:18 --------- d-----w C:\Program Files\Norton Internet Security
2008-08-17 23:18 --------- d-----w C:\Program Files\Microsoft Works
2008-08-17 23:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-17 13:02 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-08-16 19:51 --------- d-----w C:\Users\Max\AppData\Roaming\Malwarebytes
2008-08-16 19:51 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 19:51 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-08-16 19:36 --------- d-----w C:\Program Files\Panda Security
2008-08-16 18:00 --------- d-----w C:\Program Files\Alwil Software
2008-08-16 17:11 --------- d-----w C:\PROGRA~2\Symantec
2008-08-16 16:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-06 11:27 --------- d-----w C:\Program Files\Common Files\Steam
2008-08-06 08:54 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-08-04 16:22 --------- d-----w C:\Users\Max\AppData\Roaming\Real Desktop
2008-07-22 09:51 --------- d-----w C:\Users\Max\AppData\Roaming\GetRightToGo
2008-07-22 09:07 --------- d-----w C:\Users\Max\AppData\Roaming\Apple Computer
2008-07-22 09:06 --------- d-----w C:\Program Files\iTunes
2008-07-22 09:06 --------- d-----w C:\Program Files\iPod
2008-07-22 09:06 --------- d-----w C:\PROGRA~2\Apple Computer
2008-07-21 19:27 --------- d-----w C:\Program Files\QuickTime
2008-07-21 19:27 --------- d-----w C:\Program Files\Bonjour
2008-07-21 19:25 --------- d-----w C:\Program Files\Apple Software Update
2008-07-21 19:24 --------- d-----w C:\Program Files\Common Files\Apple
2008-07-21 19:24 --------- d-----w C:\PROGRA~2\Apple
2008-07-10 15:05 174 --sha-w C:\Program Files\desktop.ini
2008-07-03 11:33 --------- d-----w C:\Program Files\Trials 2 Second Edition
2008-07-03 11:33 --------- d-----w C:\Program Files\OpenAL
2008-07-03 01:55 --------- d-----w C:\Users\Max\AppData\Roaming\Free Download Manager
2008-06-28 17:28 --------- d-----w C:\Program Files\Picasa2
2008-06-28 17:28 --------- d-----w C:\Program Files\Google
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-06 16:03 22,328 ----a-w C:\Users\Max\AppData\Roaming\PnkBstrK.sys
2006-04-30 21:10 7,158,784 ----a-w C:\Users\Max\Oblivion.exe
2006-03-25 14:57 22,016 ----a-w C:\Users\Max\Oblivion_All_Languages_NoDVD.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-18_10.31.42.94 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-18 08:28:14 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-18 10:38:33 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-18 10:38:33 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-08-18 08:28:14 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-18 10:38:33 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-18 10:38:33 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-18 08:28:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-18 10:38:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-18 08:33:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008081820080819\index.dat
- 2008-08-18 08:28:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-18 10:38:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-18 08:28:39 53,248 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Temp\catchme.dll
+ 2008-08-18 10:38:58 53,248 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Temp\catchme.dll
- 2008-08-18 08:28:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-18 10:38:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-25 11:51:40 387,928 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 2008-08-18 10:05:08 387,968 ----a-w C:\Windows\System32\FNTCACHE.DAT
- 2008-08-18 08:26:32 107,004 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-18 10:36:00 107,004 ----a-w C:\Windows\System32\perfc009.dat
- 2008-08-18 08:26:32 121,436 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-08-18 10:36:00 121,436 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-08-18 08:26:32 617,860 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-18 10:36:00 617,860 ----a-w C:\Windows\System32\perfh009.dat
- 2008-08-18 08:26:32 699,236 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-08-18 10:36:00 699,236 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-08-18 08:19:16 4,336 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3006126301-1578542936-2715256611-1003_UserData.bin
+ 2008-08-18 10:11:50 4,644 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3006126301-1578542936-2715256611-1003_UserData.bin
- 2008-08-18 08:19:16 62,788 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-18 10:11:49 62,922 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-18 08:19:13 41,810 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-18 10:11:48 42,056 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-08-18 12:29 107112]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2008-08-18 12:29 22696]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 12:39 151552]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2006-08-08 10:06 708616]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-08-08 10:06 708616]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 11:56 423424]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"V0230Mon.exe"="C:\Windows\V0230Mon.exe" [2006-09-07 02:01 32768]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35 176128]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]
"RtHDVCpl"="RtHDVCpl.exe" [2006-08-08 10:06 708616 C:\Windows\System32\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-03 19:07:23 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3006126301-1578542936-2715256611-1003]
"EnableNotificationsRef"=dword:00000004
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{722D1D9F-5885-4D78-9DA5-2079562B23C7}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BE342372-9CEB-4827-80F2-75D04B42BCD6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E6316576-679F-4665-9D38-E34D3DFC70A6}"= C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{34B087DC-CD9D-44C6-B626-3F79DC528461}"= C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{AE078BE2-6F15-4D46-9C88-57063ADCD039}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{A0645421-8520-4699-BD1C-254AAC4ACF0C}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{A267EABF-3BE8-45D5-97BE-20BDC6E94454}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{B65BD99F-0C27-4848-9D05-2EF76839A98F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{63ED5734-C34C-4108-B30E-7A68A4E37CF7}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{5C9100D0-6E96-4D13-A069-91D6253E974F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{1FEA4046-16A6-4104-BBA3-4A52AC6058CA}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F21B0008-368B-464F-B72B-32C2ED450D31}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media
Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server "{72E5566D-93F1-447B-B55F-36D91E7CE801}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery "{CBB98356-FEB1-4F1D-AD20-328376C01391}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery "{4EA560A4-A1AD-490E-B7DC-8A5CA26B32F3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{13FCDB65-9605-496A-9376-EE958E7CE785}"= Disabled:UDP:C:\Users\Sophie\Desktop\incredimail_install.exe:IncrediMail Installer "{06B24F33-CCFA-4591-8C2A-43D8780ED991}"= Disabled:TCP:C:\Users\Sophie\Desktop\incredimail_install.exe:IncrediMail Installer "{3EAFD950-B855-4343-B5E6-D4EE1C5CFE80}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail "{0DAD94A7-6615-4A29-8E0E-5C5B489A60F8}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail "{0BA2B1EF-2E95-4136-9A26-66CCE3C4F8DD}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail "{9BD7D90E-C2C5-48D6-A0A6-B1D24AC6D299}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail "{C976A610-71D2-4138-9C3D-3D13A03BDDC8}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail "{ED7352BB-FCAF-42B9-A79B-37BBEF79A40C}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail "{23972178-9F29-4C36-9836-81AB27CB1B4A}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{69F65F90-AE40-409B-84D8-E82490A5C3CF}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{4B2B9988-801D-46A7-B7F7-2B5B772D2D33}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{9BC49054-781C-4BCD-B99E-2F39D931C498}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{C25FCB01-05AD-4438-8D7D-33F9F851B9E2}"= UDP:C:\Users\Max\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4 "{1BE80DFF-11FE-4C2A-BD20-317488140744}"= TCP:C:\Users\Max\AppData\Roaming\Firaxis Games\Sid 
Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4 "{045C99CF-81E6-4F27-8D3E-2CE8A4C1FD42}"= UDP:C:\Program Files\eMule\emule.exe:eMule "{70D07A8C-0B5D-49B9-9307-4A3B7AC694D9}"= TCP:C:\Program Files\eMule\emule.exe:eMule "TCP Query User{C3305525-5063-4753-9991-26A4E629A15F}C:\\program files\\valve\\steam\\steamapps\\cococerise\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe:hl2 "UDP Query User{7120ECFE-090D-4255-8008-E2A3FD5EDEA8}C:\\program files\\valve\\steam\\steamapps\\cococerise\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe:hl2 "{834019A6-1007-4639-AD21-2C2390734716}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{7C515A61-FD49-401B-836A-0ED2C3D00E27}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "TCP Query User{3E5FF350-6E17-49BB-9CBD-ACF024C7B720}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{7E4081CB-839A-450E-8507-B20123812CF9}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "{4D7503EF-EA76-48EF-8853-F9972D9EDF5C}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone) "{4CD403E8-C83E-41B8-A895-FCEE1A4D6CCB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{8151E3B8-D46D-4564-BEA6-6557386D5320}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{B0406940-8CA9-4E6F-9CF3-E4C13EC133EC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{E14E56EE-22BE-48C4-8FE1-DD4F0B378052}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-11-04 03:24] S1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080122.002\IDSvix86.sys [2007-11-06 18:07] S2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 10:03] S2 nmsgopro;GoProto Protocol Driver for NMS;C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 17:37] S2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 16:49] S3 IntelDHSvcConf;IntelDHSvcConf;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-11-18 07:59] S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-04 18:28] S3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-11-21 06:34] S3 V0230Vfx;V0230Vfx;C:\Windows\system32\DRIVERS\V0230Vfx.sys [2006-03-24 02:00] S3 V0230VID;Live! Cam Video IM Pro;C:\Windows\system32\DRIVERS\V0230VID.sys [2007-08-07 02:03] *Newly Created Service* - COMHOST . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' 2008-08-18 C:\Windows\Tasks\User_Feed_Synchronization-{08F52541-BB99-43D5-B22D-6E24A2A342B5}.job - C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45] 2008-08-17 C:\Windows\Tasks\User_Feed_Synchronization-{399B12F5-B8AF-4FB0-AE82-B196D11AB044}.job - C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45] 2008-08-18 C:\Windows\Tasks\User_Feed_Synchronization-{7069164B-34C3-444F-A488-9B5EFDB50680}.job - C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45] . . ------- Supplementary Scan ------- . 
FireFox -: Profile - C:\Windows\System32\config\SYSTEM~1\AppData\Roaming\Mozilla\Firefox\Profiles\feblkjzc.default\ FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-18 12:38:58 Windows 6.0.6000 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Windows\System32\wbem\WMIADAP.exe C:\Windows\HelpPane.exe . ************************************************************************** . Temps d'accomplissement: 2008-08-18 12:43:18 - machine was rebooted [SYSTEM] ComboFix-quarantined-files.txt 2008-08-18 10:42:11 ComboFix2.txt 2008-08-18 08:33:08 Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application. Post-Run: 43,910,684,672 octets libres 251 --- E O F --- 2008-08-18 01:02:51 |
Download ToolsCleaner to your desktop.
--> ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
--> http://pc-system.fr/TC/ToolsCleaner2.exe
# Right-click ToolsCleaner
# Choose Run as administrator
# Click Recherche (search) and let the scan run...
# Click Suppression (delete) to finish.
# If you wish, you can use the Options facultatives (optional options).
# Click Quitter (quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

Download HijackThis here:
-> Right-click one of the links and choose Save target as... to the desktop
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> ftp://ftp.commentcamarche.com/download/HJTInstall.exe
-> Double-click HJTInstall.exe to launch the installation
-> Click Install, then I Accept
-> Click Do a system scan and save a logfile
-> Notepad will open; copy and paste all of its contents here in your next reply.

Worth discovering: Estopa, Rosario Flores, La Oreja De Van Gogh
Happy listening
@+ TChiki.
ToolsCleaner:

-->- Recherche:
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\Max\Desktop\avenger.exe: trouvé !
C:\Users\Max\Downloads\fsbl.exe: trouvé !
C:\Users\Max\Downloads\OtMoveIt2.exe: trouvé !
C:\Users\Max\Downloads\HijackThis.exe: trouvé !
C:\Users\Max\Downloads\HJTInstall.exe: trouvé !
C:\Users\Odile\Desktop\HijackThis.lnk: trouvé !
C:\Users\Sam\Desktop\HijackThis.lnk: trouvé !
C:\Users\Sophie\Desktop\HijackThis.lnk: trouvé !
C:\Windows\Gmer.exe: trouvé !

---------------------------------

-->- Suppression:
C:\Users\Max\Desktop\avenger.exe: supprimé !
C:\Users\Max\Downloads\fsbl.exe: supprimé !
C:\Users\Max\Downloads\OtMoveIt2.exe: supprimé !
C:\Users\Max\Downloads\HijackThis.exe: supprimé !
C:\Users\Max\Downloads\HJTInstall.exe: supprimé !
C:\Users\Odile\Desktop\HijackThis.lnk: supprimé !
C:\Users\Sam\Desktop\HijackThis.lnk: supprimé !
C:\Users\Sophie\Desktop\HijackThis.lnk: supprimé !
C:\Windows\Gmer.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !

Then HijackThis: "Application Win32 non valide" -_-'