Srosa.sys Bagle Gen Win32 virus
sKe69 -
HijackThis: doesn't work
Elibagla: removes nothing, but reports the presence of an Srosa.sys and an hldrrr.exe
Norton: doesn't work
Avast: doesn't work
ComboFix: where is the report, please?
Gmer: finds Srosa (HIDDEN), but impossible to disable or delete the service.
Thanks in advance for your replies
247 replies
The Bagle Gen Win32 infection on Windows Vista causes a BSOD and defeats cleanup attempts with Norton or Avast, while GMER reports a hidden Srosa.sys file and a service that cannot be disabled. The primary fix proposed is to use Elibagla, downloaded from its dedicated page, unpacked to the root of the drive (C:\Elibagla), renamed to mdelk.exe and run as administrator with the "Eliminar Ficheros Automaticamente" option ticked; then run the scan and post the resulting report. After that scan, the advice is to scan the machine with an online scanner (BitDefender, Panda or Kaspersky) and post its report, or to use OAD to search for Megadrv3 and srosa.sys and post the detailed results. Further advice covers running a renamed ComboFix and Malwarebytes, and scanning USB devices to remove remaining traces.
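As an added example, not part of the original thread and not code from any of the tools it names, the Python script below runs a simple triage over HijackThis/ComboFix-style report lines such as those posted later in this thread. It flags the Bagle indicators named here (the hidden srosa service and driver, hldrrr.exe, wintems.exe and mdelk.exe under system32, the numbered executables under system32\drivers\downld, the AppData\Roaming\m share folder and autorun.inf on removable drives) and separately reports registry settings that weaken the host's defences (UAC off, Security Center monitoring or notifications disabled). The indicator list is an assumption drawn from the reports in this thread, not a vendor signature set; a copy of mdelk.exe under C:\Elibagla is deliberately not flagged because that is the name the Elibagla rename step uses. Whether the registry settings were changed by the infection or by the user is not established by the thread, so they are reported for review rather than as infection evidence. The sample report embedded in the script is constructed from excerpts of the posted logs.

```python
"""Triage of HijackThis / ComboFix style text reports for Bagle indicators.

Added example for this thread, not code from any of the tools discussed.
The indicator list is an assumption based on the reports posted in the
thread, not an authoritative signature set.
"""
import re

# File and service indicators seen in the thread's GMER/Elibagla/ComboFix
# output (assumed list). Only copies under system32 are flagged for
# mdelk.exe, since Elibagla is itself renamed to mdelk.exe under C:\Elibagla.
FILE_PATTERNS = {
    "srosa driver": re.compile(r"\\srosa\.sys\b", re.I),
    "srosa service": re.compile(r"\\Service_srosa\b", re.I),
    "hldrrr.exe dropper": re.compile(r"\\system32\\drivers\\hldrrr\.exe\b", re.I),
    "wintems.exe in system32": re.compile(r"\\system32\\wintems\.exe\b", re.I),
    "mdelk.exe in system32": re.compile(r"\\system32\\(?:drivers\\)?mdelk\.exe\b", re.I),
    "drivers\\downld drop folder": re.compile(r"\\system32\\drivers\\downld\\\d+\.exe\b", re.I),
    "AppData\\Roaming\\m share folder": re.compile(r"\\AppData\\Roaming\\m\\(?:shared\\|\w+\.oct\b)", re.I),
    "autorun.inf on removable drive": re.compile(r"^[D-Z]:\\autorun\.inf$", re.I),
}

# Registry lines in the ComboFix "Reg load points" section look like
#   [HKEY_LOCAL_MACHINE\software\microsoft\security center]
#   "DisableMonitoring"=dword:00000001
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')


def parse_dword(data):
    """Parse the two DWORD spellings ComboFix uses: 'dword:00000001' or '0 (0x0)'."""
    m = re.match(r"dword:([0-9a-f]{1,8})$", data, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-f]+\)$", data, re.I)
    if m:
        return int(m.group(1))
    return None


def check_registry_value(key, name, data):
    """Return a finding for settings that weaken the host's defences, else None."""
    key, lname = key.lower(), name.lower()
    value = parse_dword(data)
    if key.endswith(r"\policies\system") and lname == "enablelua" and value == 0:
        return ("registry", "UAC disabled (EnableLUA=0)", f"{key}\\{name}")
    if r"\security center" in key:
        if lname == "disablemonitoring" and value == 1:
            return ("registry", "Security Center monitoring disabled", f"{key}\\{name}")
        if lname.endswith("disablenotify") and value == 1:
            return ("registry", "Security Center notification disabled", f"{key}\\{name}")
    return None


def scan_report(lines):
    """Scan report lines; return (kind, label, evidence) tuples in report order."""
    findings = []
    current_key = ""
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)  # subsequent "name"=data lines belong to this key
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            finding = check_registry_value(current_key, m.group(1), m.group(2).strip())
            if finding:
                findings.append(finding)
        # A deletion line, Find3M line or Run value naming a dropped file also counts.
        for label, pattern in FILE_PATTERNS.items():
            if pattern.search(line):
                findings.append(("file", label, line))
                break
    return findings


# Constructed sample: excerpts of the reports posted in this thread.
SAMPLE_REPORT = r"""
C:\Users\Max\AppData\Roaming\m\srvlist.oct
C:\Users\Max\AppData\Roaming\m\shared\AntiVir.Personal.Edition.Classic.v7.0.Final.zip
C:\Windows\system32\drivers\downld\108592.exe
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\wintems.exe
G:\autorun.inf
-------\Service_srosa
2008-08-17 13:01 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

if __name__ == "__main__":
    for kind, label, evidence in scan_report(SAMPLE_REPORT.splitlines()):
        print(f"[{kind}] {label}: {evidence}")
```

Feed it a saved report with `scan_report(open("ComboFix.txt", encoding="cp1252").splitlines())`; the legitimate Malwarebytes driver and the iTunes Run entry in the sample produce no findings, while the Symantec-specific `Monitoring\SymantecAntiVirus` keys in the thread's log will be reported too and should be read in context, since an installed security suite registers itself there.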
Damn Vista!
Disable and re-enable System Restore under Vista
https://forum.malekal.com/viewtopic.php?f=59&t=5385
Thanks
Al.
Have you downloaded Antivir Personal Edition Classic and removed AVAST (the sieve)?
Look at this: impossible to download, whether with Mozilla or Internet Explorer.
Thanks again for your help.
PS: I'm in Safe Mode, no problem for the protection, it is disabled by default (the tab is not present)
PS2: no more sieve, but impossible to download Antivir...
You'll remember the cracks and P2P. ;)
Download this file: http://ww11.kellys-korner-xp.com/regs_edits/exefix.reg
Run it
Accept the merge if prompted
Al.
I did a trick and it worked. BUT: https://www.casimages.com/i/080821124036563134.jpg.html
Thanks for stepping in, guys.
Max, where are you at?
Can you download it this way?
Antivir: right-click the link, save target as ..... desktop:
->https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html
I'm launching the scan!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51, on 2008-08-21
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IntelDHSvcConf - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
I'm launching ComboFix
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1421 [GMT 2:00]
Location: C:\Users\Max\Desktop\Jeanmi.exe
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Max\AppData\Roaming\m
C:\Users\Max\AppData\Roaming\m\data.oct
C:\Users\Max\AppData\Roaming\m\flec006.exe
C:\Users\Max\AppData\Roaming\m\list.oct
C:\Users\Max\AppData\Roaming\m\shared
C:\Users\Max\AppData\Roaming\m\shared\1602_A.D._1.zip
C:\Users\Max\AppData\Roaming\m\shared\3D_Object_Converter_4.00_[Crack].zip
C:\Users\Max\AppData\Roaming\m\shared\4_Yeo_In_Font_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Aardvark_2.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Acoustica_MP3_Audio_Mixer_2.471b_[Serial].zip
C:\Users\Max\AppData\Roaming\m\shared\Active_WebTraffic_8.0.6.2_[Key].zip
C:\Users\Max\AppData\Roaming\m\shared\Address_Uno_1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\ALink_1.01.zip
C:\Users\Max\AppData\Roaming\m\shared\AllDay_DJ_Mass_Import_Tool_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\ALTools_Lunar_Zodiac_Horse_Wallpaper_2005.zip
C:\Users\Max\AppData\Roaming\m\shared\AntiPlagiarist_1.8.zip
C:\Users\Max\AppData\Roaming\m\shared\AntiVir.Personal.Edition.Classic.v7.0.Final.zip
C:\Users\Max\AppData\Roaming\m\shared\ASCII_Decoder_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Auto_Installer_1.3.zip
C:\Users\Max\AppData\Roaming\m\shared\Barcode_DLL_for_Pocket_PC_5.zip
C:\Users\Max\AppData\Roaming\m\shared\Beautiful_Calculator_3.2.6.zip
C:\Users\Max\AppData\Roaming\m\shared\bitsoft_Text2HTML_Converter_1.1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Blurb_BookSmart_1.3.1_beta.zip
C:\Users\Max\AppData\Roaming\m\shared\CloseCD_1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Code_Converter_1.03b.zip
C:\Users\Max\AppData\Roaming\m\shared\Collect_the_Red_Dots_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Collidoscope_1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Company_Management_System_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Console_Palette_Changer_1.03.zip
C:\Users\Max\AppData\Roaming\m\shared\Convert2ISO_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Cutline_Filter_1.11.zip
C:\Users\Max\AppData\Roaming\m\shared\Deepnet_Explorer_1.5.3_beta_3.zip
C:\Users\Max\AppData\Roaming\m\shared\Delta_Force_Black_Hawk_Down_gameplay_movie_2.zip
C:\Users\Max\AppData\Roaming\m\shared\Diggles_The_Myth_of_Fenris_demo.zip
C:\Users\Max\AppData\Roaming\m\shared\Digital_Camera_Poster_Creator_2.52.zip
C:\Users\Max\AppData\Roaming\m\shared\DILEMMA_1.0_Patch.zip
C:\Users\Max\AppData\Roaming\m\shared\DopeWars_(Palm)_2.4.6.zip
C:\Users\Max\AppData\Roaming\m\shared\Download_Statusbar_0.9.5.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Driving_Speed_1.16.zip
C:\Users\Max\AppData\Roaming\m\shared\Drum_Station_DT-010_1.09.zip
C:\Users\Max\AppData\Roaming\m\shared\DrWeb.4.33.PL.i.EN.+key.zip
C:\Users\Max\AppData\Roaming\m\shared\DVD_Rip_Factory_Pro_7.3.3.16_(Patch).zip
C:\Users\Max\AppData\Roaming\m\shared\DVD_to_Zune_Converter_+_Video_to_Zune_Converter_Suite_3.6_[Key].zip
C:\Users\Max\AppData\Roaming\m\shared\DWeb_Pro_3.4.1.zip
C:\Users\Max\AppData\Roaming\m\shared\EfreeSoft_Boss_Key_3.30.zip
C:\Users\Max\AppData\Roaming\m\shared\Ekspos_Image_Viewer_0.8.3.zip
C:\Users\Max\AppData\Roaming\m\shared\FeedReader_2.9.zip
C:\Users\Max\AppData\Roaming\m\shared\FilesCollection_2.0b_KeyGen.zip
C:\Users\Max\AppData\Roaming\m\shared\Flash_Horizontal_Menu_Wizard_2.0.zip
C:\Users\Max\AppData\Roaming\m\shared\FlashKeeper_2.1_Key+Serial.zip
C:\Users\Max\AppData\Roaming\m\shared\Flv_Recorder_2.0.0.852.zip
C:\Users\Max\AppData\Roaming\m\shared\FontCreator_Home_Edition_5.6_(Patch).zip
C:\Users\Max\AppData\Roaming\m\shared\Free_Registry_Defrag_2.32.zip
C:\Users\Max\AppData\Roaming\m\shared\FroogleUp_1.2.3.zip
C:\Users\Max\AppData\Roaming\m\shared\FTP_Commander_Pro_8.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Games_Folder_0.31_Alpha_3.zip
C:\Users\Max\AppData\Roaming\m\shared\GeoLocateFox_0.2.zip
C:\Users\Max\AppData\Roaming\m\shared\H&H_Germany2Go_Talking_Phrase_Book_(Palm_OS)_3.zip
C:\Users\Max\AppData\Roaming\m\shared\HP0-265_Practice_Exam_Testing_Engine_Software_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\HzTail_1.0_(Key+Serial).zip
C:\Users\Max\AppData\Roaming\m\shared\ICQ_Monitor_Sniffer_3.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Ikaros_1.0.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Internet_Anywhere_Toolkit_3.2.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Jackson_Hole_Web_Cams_1.7.zip
C:\Users\Max\AppData\Roaming\m\shared\Jimmy_Neutron_Rescue_Jet_Fusion_1.zip
C:\Users\Max\AppData\Roaming\m\shared\jPDFText_1.11.zip
C:\Users\Max\AppData\Roaming\m\shared\KIBASE_Power_Pointer_1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Killer_1.zip
C:\Users\Max\AppData\Roaming\m\shared\Limerick_Europe_3.1.zip
C:\Users\Max\AppData\Roaming\m\shared\LingvoSoft_Talking_Picture_Dictionary_2007_French_-_Russian_1.1.18.zip
C:\Users\Max\AppData\Roaming\m\shared\LogObserver_1.4.0.1564.zip
C:\Users\Max\AppData\Roaming\m\shared\LollyDex_Correspondence_Index_2.0_[Crack].zip
C:\Users\Max\AppData\Roaming\m\shared\MainActor_5.1.zip
C:\Users\Max\AppData\Roaming\m\shared\MakoButton_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Masters_of_Orion_II_Update_(PowerPC)_1.6.zip
C:\Users\Max\AppData\Roaming\m\shared\MB4-219_Practice_Exam_Testing_Engine_Software_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Media_Fortress_1.0.1_Cracked.zip
C:\Users\Max\AppData\Roaming\m\shared\Melopolis_Studio_1.018.zip
C:\Users\Max\AppData\Roaming\m\shared\memecats_1.0_[Crack].zip
C:\Users\Max\AppData\Roaming\m\shared\MindChart_Business_Edition_2.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Mocha_TN5250_for_Vista_1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\MP3_Output_Plug-in_1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\MP3_Splitter_&_Joiner_Pro_3.46_[Key+Serial].zip
C:\Users\Max\AppData\Roaming\m\shared\Multicom_2.0.zip
C:\Users\Max\AppData\Roaming\m\shared\MultiMemories_2.9.zip
C:\Users\Max\AppData\Roaming\m\shared\My_Sporting_Hero_Recorder_1.01_(Patch).zip
C:\Users\Max\AppData\Roaming\m\shared\My_Videogame_Collection_1.zip
C:\Users\Max\AppData\Roaming\m\shared\MySimpleFTP_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\MySQL-to-Oracle_2.3.zip
C:\Users\Max\AppData\Roaming\m\shared\Navicat_PostgreSQL_7.2.11_[Key+Serial].zip
C:\Users\Max\AppData\Roaming\m\shared\Norms_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Pack-X_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Panda-Arroz_Con_Leche-2000-NoGrp.zip
C:\Users\Max\AppData\Roaming\m\shared\Panda_TruPrevent_Corporate_3.06_KeyGen.zip
C:\Users\Max\AppData\Roaming\m\shared\Personal_Health_Desk_1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Photo_SlideShow_Maker_2.9_Cracked.zip
C:\Users\Max\AppData\Roaming\m\shared\Photo_to_Sketch_3.5.zip
C:\Users\Max\AppData\Roaming\m\shared\Picalo_4.12.zip
C:\Users\Max\AppData\Roaming\m\shared\Power_Spy_2007_6.10.zip
C:\Users\Max\AppData\Roaming\m\shared\PSPShuffle_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\QIC_Webfotoalbum_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Quick_Album_1.zip
C:\Users\Max\AppData\Roaming\m\shared\RaidenMAILD_1.9.1.3_Key+Serial.zip
C:\Users\Max\AppData\Roaming\m\shared\Real_Estate_Notebook_2.21_[Serial].zip
C:\Users\Max\AppData\Roaming\m\shared\Recovery_for_Access_2.2.0715.zip
C:\Users\Max\AppData\Roaming\m\shared\Rheinturmuhr_2.1.zip
C:\Users\Max\AppData\Roaming\m\shared\RustemSoft.Controls_.NET_2.0_assembly_2.30.05_(KeyGen).zip
C:\Users\Max\AppData\Roaming\m\shared\Second_Backup_2007.2.1_(Serial).zip
C:\Users\Max\AppData\Roaming\m\shared\Sexy_Buffy_Screensaver_-_BabeSaver.com_1.zip
C:\Users\Max\AppData\Roaming\m\shared\ShadowServer_2.5.zip
C:\Users\Max\AppData\Roaming\m\shared\Sid_Meier's_Alien_Crossfire_demo_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Sigmasoft_eRecruitment_1.1_(With_Crack).zip
C:\Users\Max\AppData\Roaming\m\shared\SmarThumb_my.shredder_2.1.3.zip
C:\Users\Max\AppData\Roaming\m\shared\Soundy_Mouse_1.zip
C:\Users\Max\AppData\Roaming\m\shared\Speak_I.D._1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Spirits_On_The_Wind2_1.0.6.2634.zip
C:\Users\Max\AppData\Roaming\m\shared\Steel's_World_II_(Dungeon_Siege).zip
C:\Users\Max\AppData\Roaming\m\shared\SupportMonkey_2002_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Talking_Maritime_Encyclopedia_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\The_Wireless_Toolkit_2.5_[With_Crack].zip
C:\Users\Max\AppData\Roaming\m\shared\Timer_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\USA_Shield_2.15.zip
C:\Users\Max\AppData\Roaming\m\shared\Vanga_Rengi_Mangaro_1.0.4.492_Crack.zip
C:\Users\Max\AppData\Roaming\m\shared\VCamChat_1.6-rev10.zip
C:\Users\Max\AppData\Roaming\m\shared\Visual_Horse_2.2.zip
C:\Users\Max\AppData\Roaming\m\shared\ViVi_DVD_Ripper_3.1.7.zip
C:\Users\Max\AppData\Roaming\m\shared\VK_TypeHelp_1.2.zip
C:\Users\Max\AppData\Roaming\m\shared\Winter_Day_Demo_Screensaver_1.0_Cracked.zip
C:\Users\Max\AppData\Roaming\m\shared\Wireless_Snif_4.2.120_(Crack).zip
C:\Users\Max\AppData\Roaming\m\shared\WordPerfect_to_XML_HTML_-_WP_2_Web_Publisher_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\XN_Resource_Editor_3.0.0.1_Build_6000.zip
C:\Users\Max\AppData\Roaming\m\shared\Zagat_To_Go_for_Blackberry_4.0.1.zip
C:\Users\Max\AppData\Roaming\m\shared\ZeroTraces_WinCleaner_N'_Optimizer_2.6.1.1_Serial.zip
C:\Users\Max\AppData\Roaming\m\shared\Zoho_CRM_5.0.zip
C:\Users\Max\AppData\Roaming\m\srvlist.oct
C:\Windows\system32\ban_list.txt
C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\downld\108592.exe
C:\Windows\system32\drivers\downld\109403.exe
C:\Windows\system32\drivers\downld\115113.exe
C:\Windows\system32\drivers\downld\125222.exe
C:\Windows\system32\drivers\downld\132850.exe
C:\Windows\system32\drivers\downld\137140.exe
C:\Windows\system32\drivers\downld\141539.exe
C:\Windows\system32\drivers\downld\143552.exe
C:\Windows\system32\drivers\downld\147093.exe
C:\Windows\system32\drivers\downld\149604.exe
C:\Windows\system32\drivers\downld\154206.exe
C:\Windows\system32\drivers\downld\229664.exe
C:\Windows\system32\drivers\downld\230257.exe
C:\Windows\system32\drivers\downld\239024.exe
C:\Windows\system32\drivers\downld\250288.exe
C:\Windows\system32\drivers\downld\253392.exe
C:\Windows\system32\drivers\downld\265264.exe
C:\Windows\system32\drivers\downld\59841.exe
C:\Windows\system32\drivers\downld\75972.exe
C:\Windows\system32\drivers\downld\84536.exe
C:\Windows\system32\drivers\downld\85394.exe
C:\Windows\system32\drivers\downld\97719.exe
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\mdelk.exe
C:\Windows\system32\mdelk.exe
C:\Windows\system32\wintems.exe
G:\autorun.inf
L:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_srosa
((((((((((((((((((((((((((((( Files created 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))))))))
.
No new files created in this period
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 10:41 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-21 10:27 --------- d-----w C:\Program Files\Trend Micro
2008-08-20 21:17 --------- d-----w C:\ProgramData\Symantec
2008-08-20 17:31 167,936 ----a-w C:\VaccinUSB.exe
2008-08-20 17:03 --------- d-----w C:\Program Files\Alwil Software
2008-08-20 15:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-18 11:32 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-18 07:34 --------- d-----w C:\Program Files\Sophos
2008-08-18 01:08 --------- d-----w C:\Program Files\Windows Mail
2008-08-17 23:18 --------- d-----w C:\Program Files\Norton Internet Security
2008-08-17 23:18 --------- d-----w C:\Program Files\Microsoft Works
2008-08-17 13:02 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-08-17 13:01 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-08-17 13:01 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-16 23:58 --------- d-----w C:\Users\Sam\AppData\Roaming\Malwarebytes
2008-08-16 19:51 --------- d-----w C:\Users\Max\AppData\Roaming\Malwarebytes
2008-08-16 19:51 --------- d-----w C:\ProgramData\Malwarebytes
2008-08-16 16:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-06 11:27 --------- d-----w C:\Program Files\Common Files\Steam
2008-08-06 08:54 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-08-04 16:22 --------- d-----w C:\Users\Max\AppData\Roaming\Real Desktop
2008-07-22 09:51 --------- d-----w C:\Users\Max\AppData\Roaming\GetRightToGo
2008-07-22 09:07 --------- d-----w C:\Users\Max\AppData\Roaming\Apple Computer
2008-07-22 09:06 --------- d-----w C:\ProgramData\Apple Computer
2008-07-22 09:06 --------- d-----w C:\Program Files\iTunes
2008-07-22 09:06 --------- d-----w C:\Program Files\iPod
2008-07-21 19:27 --------- d-----w C:\Program Files\QuickTime
2008-07-21 19:25 --------- d-----w C:\Program Files\Apple Software Update
2008-07-21 19:24 --------- d-----w C:\ProgramData\Apple
2008-07-21 19:24 --------- d-----w C:\Program Files\Common Files\Apple
2008-07-10 15:05 174 --sha-w C:\Program Files\desktop.ini
2008-07-03 11:33 --------- d-----w C:\Program Files\Trials 2 Second Edition
2008-07-03 11:33 --------- d-----w C:\Program Files\OpenAL
2008-06-28 17:28 --------- d-----w C:\Program Files\Picasa2
2008-06-28 17:28 --------- d-----w C:\Program Files\Google
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
.
((((((((((((((((((((((((((((( snapshot_2008-08-20_22.27.32.74 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-20 20:22:56 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-21 11:58:16 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-21 11:58:16 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-08-20 20:22:56 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-21 11:58:16 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-21 11:58:16 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2007-11-04 01:33:47 70,104 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
+ 2008-08-20 20:37:04 105,256 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
+ 2008-08-20 20:40:16 16,384 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- 2008-08-20 17:03:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-21 11:58:18 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-20 20:40:15 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008082020080821\index.dat
+ 2008-08-21 11:30:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008082120080822\index.dat
+ 2008-08-21 10:41:47 78,924 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
- 2008-08-20 17:03:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-21 11:58:18 180,224 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-18 10:38:58 53,248 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Temp\catchme.dll
+ 2008-08-21 11:58:44 53,248 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Temp\catchme.dll
+ 2008-08-21 11:33:36 64,690 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\Acrobat\8.0\UserCache.bin
+ 2008-08-21 10:38:55 20,040 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
- 2008-08-20 17:03:42 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-21 11:58:18 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-17 13:33:02 142,730 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\feblkjzc.default\compreg.dat
+ 2008-08-21 10:27:32 142,730 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\feblkjzc.default\compreg.dat
- 2008-08-20 16:49:42 14,183 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\feblkjzc.default\pluginreg.dat
+ 2008-08-21 10:28:13 10,875 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\feblkjzc.default\pluginreg.dat
- 2008-08-17 13:33:02 96,112 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\feblkjzc.default\xpti.dat
+ 2008-08-21 10:27:31 96,112 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\feblkjzc.default\xpti.dat
- 2008-08-20 18:56:00 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-08-21 11:54:13 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-08-21 11:54:13 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
+ 2005-05-16 17:34:48 213,048 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2008-08-13 13:03:26 65,536 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2008-08-13 13:03:26 798,720 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-08-20 20:23:29 709,120 ----a-w C:\Windows\System32\RtHDVCpl.exe
+ 2006-08-08 08:06:00 708,616 ----a-w C:\Windows\System32\RtHDVCpl.exe
- 2008-07-15 10:52:43 3,036 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3006126301-1578542936-2715256611-1001_UserData.bin
+ 2008-08-21 00:04:21 3,238 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3006126301-1578542936-2715256611-1001_UserData.bin
- 2008-08-20 20:13:57 5,482 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3006126301-1578542936-2715256611-1003_UserData.bin
+ 2008-08-21 10:16:23 5,954 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3006126301-1578542936-2715256611-1003_UserData.bin
- 2008-08-20 20:13:57 63,990 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-21 10:16:23 64,118 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-20 20:13:54 43,384 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-21 10:16:21 43,744 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-12-02 17:42 3739672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [BU]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2008-08-21 12:15 22696]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 12:39 151552]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2006-08-08 10:06 708616]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-08-08 10:06 708616]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 11:56 423424]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"V0230Mon.exe"="C:\Windows\V0230Mon.exe" [2006-09-07 02:01 32768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35 176128]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"RtHDVCpl"="RtHDVCpl.exe" [2006-08-08 10:06 708616 C:\Windows\System32\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-12-02 17:42 3739672]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-03 19:07:23 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3006126301-1578542936-2715256611-1001]
"EnableNotificationsRef"=dword:00000003
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3006126301-1578542936-2715256611-1003]
"EnableNotificationsRef"=dword:00000007
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{722D1D9F-5885-4D78-9DA5-2079562B23C7}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BE342372-9CEB-4827-80F2-75D04B42BCD6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E6316576-679F-4665-9D38-E34D3DFC70A6}"= C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{34B087DC-CD9D-44C6-B626-3F79DC528461}"= C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{AE078BE2-6F15-4D46-9C88-57063ADCD039}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{A0645421-8520-4699-BD1C-254AAC4ACF0C}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{A267EABF-3BE8-45D5-97BE-20BDC6E94454}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{B65BD99F-0C27-4848-9D05-2EF76839A98F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{63ED5734-C34C-4108-B30E-7A68A4E37CF7}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{5C9100D0-6E96-4D13-A069-91D6253E974F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{1FEA4046-16A6-4104-BBA3-4A52AC6058CA}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F21B0008-368B-464F-B72B-32C2ED450D31}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{72E5566D-93F1-447B-B55F-36D91E7CE801}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{CBB98356-FEB1-4F1D-AD20-328376C01391}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{4EA560A4-A1AD-490E-B7DC-8A5CA26B32F3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{13FCDB65-9605-496A-9376-EE958E7CE785}"= Disabled:UDP:C:\Users\Sophie\Desktop\incredimail_install.exe:IncrediMail Installer
"{06B24F33-CCFA-4591-8C2A-43D8780ED991}"= Disabled:TCP:C:\Users\Sophie\Desktop\incredimail_install.exe:IncrediMail Installer
"{3EAFD950-B855-4343-B5E6-D4EE1C5CFE80}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0DAD94A7-6615-4A29-8E0E-5C5B489A60F8}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0BA2B1EF-2E95-4136-9A26-66CCE3C4F8DD}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{9BD7D90E-C2C5-48D6-A0A6-B1D24AC6D299}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{C976A610-71D2-4138-9C3D-3D13A03BDDC8}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{ED7352BB-FCAF-42B9-A79B-37BBEF79A40C}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{23972178-9F29-4C36-9836-81AB27CB1B4A}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{69F65F90-AE40-409B-84D8-E82490A5C3CF}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4B2B9988-801D-46A7-B7F7-2B5B772D2D33}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9BC49054-781C-4BCD-B99E-2F39D931C498}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{C25FCB01-05AD-4438-8D7D-33F9F851B9E2}"= UDP:C:\Users\Max\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{1BE80DFF-11FE-4C2A-BD20-317488140744}"= TCP:C:\Users\Max\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{045C99CF-81E6-4F27-8D3E-2CE8A4C1FD42}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{70D07A8C-0B5D-49B9-9307-4A3B7AC694D9}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"TCP Query User{C3305525-5063-4753-9991-26A4E629A15F}C:\\program files\\valve\\steam\\steamapps\\cococerise\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe:hl2
"UDP Query User{7120ECFE-090D-4255-8008-E2A3FD5EDEA8}C:\\program files\\valve\\steam\\steamapps\\cococerise\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe:hl2
"{834019A6-1007-4639-AD21-2C2390734716}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{7C515A61-FD49-401B-836A-0ED2C3D00E27}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{3E5FF350-6E17-49BB-9CBD-ACF024C7B720}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7E4081CB-839A-450E-8507-B20123812CF9}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4D7503EF-EA76-48EF-8853-F9972D9EDF5C}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{4CD403E8-C83E-41B8-A895-FCEE1A4D6CCB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8151E3B8-D46D-4564-BEA6-6557386D5320}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{B0406940-8CA9-4E6F-9CF3-E4C13EC133EC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E14E56EE-22BE-48C4-8FE1-DD4F0B378052}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-11-04 03:24]
S2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 10:03]
S2 nmsgopro;GoProto Protocol Driver for NMS;C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 17:37]
S2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 16:49]
S3 IntelDHSvcConf;IntelDHSvcConf;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-11-18 07:59]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-04 18:28]
S3 V0230Vfx;V0230Vfx;C:\Windows\system32\DRIVERS\V0230Vfx.sys [2006-03-24 02:00]
S3 V0230VID;Live! Cam Video IM Pro;C:\Windows\system32\DRIVERS\V0230VID.sys [2007-08-07 02:03]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-21 C:\Windows\Tasks\User_Feed_Synchronization-{08F52541-BB99-43D5-B22D-6E24A2A342B5}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
2008-08-21 C:\Windows\Tasks\User_Feed_Synchronization-{399B12F5-B8AF-4FB0-AE82-B196D11AB044}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
2008-08-20 C:\Windows\Tasks\User_Feed_Synchronization-{7069164B-34C3-444F-A488-9B5EFDB50680}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Windows\System32\config\SYSTEM~1\AppData\Roaming\Mozilla\Firefox\Profiles\feblkjzc.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 13:58:44
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-21 14:03:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-21 12:02:56
ComboFix2.txt 2008-08-20 20:28:18
Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 62,817,169,408 octets libres
412 --- E O F --- 2008-08-18 01:02:51
Sorry, double post.
I suggest you do the online scan as AL. proposes:
http://www.commentcamarche.net/forum/affich 7950743 virus srosa sys bagle gen win 32?entiere#95
If you have any trouble, jlpjlp, Ske or Al will help you.
I'll be back around 5 pm.
I'm eager to read your Kaspersky report.
Good luck.
See you later.