
BAGLE again [solved]

Tags:
  • Internet Explorer
  • Security
13 December 2008 12:46:48

Hello,
Some time ago someone on this forum helped me get rid of a Bagle worm, and one format of my PC later I have caught another one.
So I wanted to repeat the same steps I was told to follow last time, but the problem is that ELIBAGLA does not work.
A window appears saying "archivo modificado, posiblemente por un virus. contacte con satinfo".
What can I do to get rid of this nasty virus?
Thank you for your help.


13 December 2008 12:50:22

Here is my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13, on 2008-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Home Sweet Home\reader_s.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Documents and Settings\Home Sweet Home\Bureau\HiJack-This.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [reader_s] C:\Documents and Settings\Home Sweet Home\reader_s.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Home Sweet Home\reader_s.exe
O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [jrffrtrw.exe] C:\WINDOWS\jrffrtrw.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [jrfvvgyz.exe] C:\WINDOWS\jrfvvgyz.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [nttogwfk.exe] C:\WINDOWS\nttogwfk.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
O20 - Winlogon Notify: dmsejjw - C:\WINDOWS\SYSTEM32\dmsejjw.dll
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 6681 bytes
13 December 2008 13:31:47

My ComboFix report:
ComboFix 08-12-07.01 - Home Sweet Home 2008-12-08 22:33:58.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.675 [GMT 1:00]
Lancé depuis: M:\kil.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\MS32DLL.dll.vbs
c:\windows\MS32DLL.dll.vbs
c:\windows\services.exe
c:\windows\system32\8.tmp
c:\windows\system32\9.tmp
c:\windows\system32\csrsc.exe
c:\windows\system32\mdm.exe
D:\Autorun.inf
D:\MS32DLL.dll.vbs
M:\autorun.inf
M:\MS32DLL.dll.vbs
m:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213
m:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
m:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINSPOOLSVC
-------\Service_restore
-------\Service_WinSpoolSvc


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-08 au 2008-12-08 ))))))))))))))))))))))))))))))))))))
.

2008-12-08 19:38 . 2008-12-08 19:38 <REP> d-------- C:\killbagle
2008-12-08 19:08 . 2008-12-08 19:08 136,032 --a------ c:\windows\system32\drivers\ethpshze.sys
2008-12-08 19:08 . 2008-12-08 19:08 24,576 --a------ c:\windows\system32\reader_s.exe
2008-12-08 19:08 . 2008-12-08 19:08 3,584 --a------ c:\windows\jrffrtrw.exe
2008-12-08 19:08 . 2008-12-08 19:08 246 --a------ c:\windows\system32\A.tmp
2008-12-08 19:07 . 2008-12-08 19:08 136 --a------ c:\windows\system32\6.tmp
2008-12-06 19:36 . 2008-12-06 19:36 17 --a------ c:\windows\MovingPicture.ini
2008-12-06 17:37 . 2008-12-06 17:37 <REP> d-------- c:\documents and settings\Home Sweet Home\Application Data\Apple Computer
2008-12-06 17:13 . 2008-12-06 17:13 <REP> d-------- c:\program files\proDAD
2008-12-06 17:08 . 2008-12-06 17:08 <REP> d-------- c:\program files\AdorageI-SAL
2008-12-06 17:08 . 2008-12-06 17:09 <REP> d-------- c:\program files\AdorageI-GfxDatas
2008-12-06 16:53 . 2008-12-06 19:37 455 --a------ c:\windows\VFO.VST
2008-12-06 16:53 . 2008-12-06 16:53 51 --a------ c:\windows\system32\blue.SITENAME
2008-12-06 16:51 . 2002-12-17 17:23 33,340 --a------ c:\windows\system32\dbmsqlgc.dll
2008-12-06 16:51 . 2002-10-20 15:05 24,576 --a------ c:\windows\system32\dbmsgnet.dll
2008-12-06 16:50 . 2008-12-06 16:50 <REP> d-------- c:\windows\Cache
2008-12-06 16:50 . 2008-12-06 16:50 <REP> d-------- c:\program files\Microsoft SQL Server
2008-12-06 16:50 . 2003-03-19 04:04 765,952 --------- c:\windows\system32\msvcp71d.dll
2008-12-06 16:50 . 2003-03-19 04:03 544,768 --------- c:\windows\system32\msvcr71d.dll
2008-12-06 16:48 . 2008-12-06 16:48 <REP> d-------- c:\windows\system32\URTTemp
2008-12-06 16:43 . 2008-12-06 16:43 <REP> d-------- c:\program files\SmartSound Software
2008-12-06 16:43 . 2008-12-06 16:43 <REP> d-------- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2008-12-06 16:42 . 2008-12-06 17:36 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-06 16:42 . 2008-12-06 16:42 1,409 --a------ c:\windows\QTFont.for
2008-12-06 16:41 . 2008-12-06 16:42 <REP> d-------- c:\program files\QuickTime
2008-12-06 16:41 . 2008-12-06 16:41 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-06 16:41 . 2004-07-02 17:28 84,992 --a------ c:\windows\system32\ATL70.DLL
2008-12-06 16:41 . 2008-12-06 16:53 361 --a------ c:\windows\VFO.INI
2008-12-06 16:39 . 2008-12-06 16:39 <REP> d-------- c:\windows\Downloaded Installations
2008-12-06 16:39 . 2002-01-05 04:48 974,848 --a------ c:\windows\system32\MFC70.DLL
2008-12-06 16:39 . 2002-01-05 04:36 964,608 --a------ c:\windows\system32\MFC70U.DLL
2008-12-06 16:39 . 2003-03-26 07:58 487,424 --a------ c:\windows\system32\MSVCP70.DLL
2008-12-06 16:39 . 2003-02-04 06:08 344,064 --a------ c:\windows\system32\MSVCR70.DLL
2008-12-06 16:39 . 2002-01-05 03:38 54,784 --a------ c:\windows\system32\MSVCI70.DLL
2008-12-06 16:39 . 2006-04-21 10:00 49,152 --a------ c:\windows\system32\PCLEGetGuid.dll
2008-12-06 16:38 . 2008-12-06 16:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Pinnacle Studio
2008-12-06 16:35 . 2008-12-06 16:50 <REP> d-------- c:\program files\Pinnacle
2008-12-06 16:35 . 2008-12-06 16:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Pinnacle
2008-12-06 16:35 . 2005-02-09 12:59 14,165 --a------ c:\windows\system32\drivers\Pclepci.sys
2008-12-06 14:20 . 2008-12-06 14:20 <REP> d-------- c:\documents and settings\Home Sweet Home\Application Data\Media Player Classic
2008-12-06 14:07 . 2008-12-06 14:07 <REP> d-------- c:\program files\K-Lite Codec Pack
2008-12-06 13:40 . 2008-12-06 13:40 <REP> d-------- c:\windows\system32\Lang
2008-12-06 13:39 . 2007-11-20 18:15 1,826,816 --a------ c:\windows\SkyTel.exe
2008-12-06 13:39 . 2006-08-01 15:02 49,152 --a------ c:\windows\system32\ChCfg.exe
2008-12-06 13:39 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
2008-12-06 13:37 . 2008-12-06 13:37 <REP> d-------- c:\program files\Realtek
2008-12-06 13:37 . 2008-12-06 17:03 <REP> d--h----- c:\program files\InstallShield Installation Information
2008-12-06 13:37 . 2008-02-19 15:34 16,858,112 --a------ c:\windows\RTHDCPL.exe
2008-12-06 13:37 . 2007-03-23 19:19 9,715,200 --a------ c:\windows\RTLCPL.exe
2008-12-06 13:37 . 2008-02-26 16:01 4,737,024 --a------ c:\windows\system32\drivers\RtkHDAud.sys
2008-12-06 13:37 . 2006-05-04 16:26 2,821,632 --a------ c:\windows\alcwzrd.exe
2008-12-06 13:37 . 2007-06-28 16:44 2,165,760 --a------ c:\windows\MicCal.exe
2008-12-06 13:37 . 2007-11-07 17:31 1,204,224 --a------ c:\windows\RtlUpd.exe
2008-12-06 13:37 . 2007-07-26 17:09 520,192 --a------ c:\windows\RtlExUpd.dll
2008-12-06 13:37 . 2008-12-06 13:37 315,392 --a------ c:\windows\HideWin.exe
2008-12-06 13:37 . 2005-09-21 10:25 299,008 --a------ c:\windows\system32\ALSndMgr.cpl
2008-12-06 13:37 . 2006-08-18 06:58 282,624 --a------ c:\windows\system32\RTSndMgr.cpl
2008-12-06 13:37 . 2006-07-21 16:14 131,072 --a------ c:\windows\SoundMan.exe
2008-12-06 13:37 . 2005-05-03 18:43 81,920 --a------ c:\windows\Alcmtr.exe
2008-12-06 13:36 . 2008-12-06 16:41 <REP> d-------- c:\program files\Fichiers communs\InstallShield
2008-12-06 13:19 . 2008-12-06 13:21 <REP> d-------- c:\program files\Windows Live Safety Center
2008-12-05 19:00 . 2008-12-05 19:00 13,646 --a------ c:\windows\system32\wpa.bak
2008-12-02 21:21 . 2004-08-04 00:54 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-02 21:21 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-02 19:23 . 2008-12-02 19:23 <REP> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-12-02 19:23 . 2008-12-02 19:23 214 --a------ c:\windows\HP_48BitScanUpdatePatch.ini
2008-12-02 19:18 . 2008-12-02 19:18 <REP> d-------- c:\documents and settings\Home Sweet Home\WINDOWS
2008-12-02 19:18 . 1996-11-22 11:16 284,160 --a------ c:\windows\uninst.exe
2008-12-02 19:18 . 2008-12-02 19:18 221 --a------ c:\windows\HP_RedboxHprblog_HPSU.ini
2008-12-01 22:19 . 2008-12-01 22:19 <REP> d-------- c:\program files\7-Zip
2008-12-01 22:11 . 2008-12-01 22:11 <REP> d-------- c:\program files\MSXML 4.0
2008-12-01 22:11 . 2008-12-01 22:11 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-01 10:45 . 2008-12-01 11:48 <REP> d-------- c:\windows\system32\CatRoot_bak
2008-12-01 10:41 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
2008-12-01 10:41 . 2008-06-14 18:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-01 10:37 . 2008-08-14 14:44 2,182,400 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-01 10:37 . 2008-08-14 14:44 2,138,112 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-01 10:37 . 2008-08-14 14:44 2,059,776 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-01 10:37 . 2008-08-14 14:44 2,017,792 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-01 10:36 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-30 23:55 . 2008-12-01 22:17 <REP> d--h----- c:\windows\$hf_mig$
2008-11-30 23:55 . 2006-05-25 10:29 22,752 --a------ c:\windows\system32\spupdsvc.exe
2008-11-30 23:49 . 2008-11-30 23:49 <REP> d-------- c:\windows\nview
2008-11-30 23:49 . 2008-09-17 23:55 453,152 --a------ c:\windows\system32\nvuninst.exe
2008-11-30 23:49 . 2008-09-17 23:55 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-11-30 23:49 . 2008-12-08 22:36 200,712 --a------ c:\windows\system32\nvapps.xml
2008-11-30 23:49 . 2008-09-17 23:55 18,394 --a------ c:\windows\system32\nvdisp.nvu
2008-11-30 23:19 . 2008-11-30 23:19 <REP> d-------- c:\documents and settings\All Users\Application Data\HP
2008-11-30 23:18 . 2008-11-30 23:18 <REP> d-------- c:\program files\Fichiers communs\HP
2008-11-30 23:16 . 2008-11-30 23:16 <REP> d-------- c:\program files\Fichiers communs\Hewlett-Packard
2008-11-30 23:15 . 2005-03-08 05:43 51,120 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-11-30 23:15 . 2005-03-08 05:43 21,744 -ra------ c:\windows\system32\drivers\HPZius12.sys
2008-11-30 23:15 . 2005-03-08 05:43 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-11-30 23:14 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-30 23:14 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-30 23:13 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-11-30 23:13 . 2004-09-29 12:12 278,584 --a------ c:\windows\system32\HPZidr12.dll
2008-11-30 23:13 . 2004-09-29 12:15 204,800 --a------ c:\windows\system32\HPZipr12.dll
2008-11-30 23:13 . 2007-08-09 08:27 118,784 --a------ c:\windows\system32\HPZipm12.exe
2008-11-30 23:13 . 2004-09-29 12:09 94,208 --a------ c:\windows\system32\HPZipt12.dll
2008-11-30 23:13 . 2004-09-29 12:08 61,440 --a------ c:\windows\system32\HPZinw12.exe
2008-11-30 23:13 . 2004-09-29 12:09 57,344 --a------ c:\windows\system32\HPZisn12.dll
2008-11-30 23:11 . 2008-12-02 19:24 <REP> d-------- c:\program files\HP
2008-11-30 23:09 . 2008-11-30 23:20 113,587 --a------ c:\windows\hpoins07.dat
2008-11-30 23:09 . 2005-05-24 07:50 21,124 --------- c:\windows\hpomdl07.dat
2008-11-30 23:08 . 2008-11-30 23:08 <REP> d-------- c:\documents and settings\Home Sweet Home\Application Data\HP
2008-11-30 22:12 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-11-30 22:12 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-11-30 21:40 . 2008-11-30 23:55 1,419,093 --a------ c:\windows\setupapi.log.0.old
2008-11-30 21:38 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-30 21:38 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-11-30 21:38 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-30 21:37 . 2008-11-30 21:37 <REP> d---s---- c:\documents and settings\Home Sweet Home\UserData
2008-11-30 21:03 . 2008-11-30 21:03 <REP> d-------- c:\program files\Fichiers communs\Adobe
2008-11-30 20:59 . 2008-11-30 21:36 <REP> d-------- c:\program files\NOS
2008-11-30 20:59 . 2008-11-30 21:36 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-11-30 20:47 . 2008-11-30 20:51 <REP> d-------- c:\documents and settings\Home Sweet Home\Contacts
2008-11-30 20:44 . 2008-11-30 20:44 <REP> d----c--- c:\windows\system32\DRVSTORE
2008-11-30 20:41 . 2008-11-30 20:44 <REP> d-------- c:\program files\Windows Live
2008-11-30 20:41 . 2008-11-30 20:42 <REP> d--hsc--- c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-30 20:41 . 2008-11-30 20:41 <REP> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-30 20:39 . 2008-11-30 21:36 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-11-30 20:39 . 2008-12-01 22:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-30 20:22 . 2008-11-30 20:22 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-30 20:22 . 2008-11-30 20:22 <REP> d-------- c:\documents and settings\Home Sweet Home\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 18:08 182,912 ----a-w c:\windows\system32\drivers\ndis.sys
2008-11-30 15:43 --------- d-----w c:\program files\Avira
2008-11-30 15:43 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-11-30 15:28 --------- d-----w c:\program files\microsoft frontpage
2008-11-30 15:23 --------- d-----w c:\documents and settings\Home Sweet Home\Application Data\Microsoft Web Folders
2008-11-30 15:10 --------- d-----w c:\program files\Services en ligne
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 58880]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-11-26 1406192]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"reader_s"="c:\windows\System32\reader_s.exe" [2008-12-08 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 344321]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 449536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-06 294912]
"reader_s"="c:\windows\System32\reader_s.exe" [2008-12-08 24576]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 58880]
"jrffrtrw.exe"="c:\windows\jrffrtrw.exe" [2008-12-08 3584]
"reader_s"="c:\windows\System32\reader_s.exe" [2008-12-08 24576]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 294912]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2003-04-17 77876]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

S1 ethpshze;ethpshze;c:\windows\system32\drivers\ethpshze.sys [2008-12-08 136032]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 22:36:56
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Heure de fin: 2008-12-08 22:38:38 - La machine a redémarré [Home Sweet Home]
ComboFix-quarantined-files.txt 2008-12-08 21:38:34

Avant-CF: 187,300,798,464 octets libres
Après-CF: 187,191,926,784 octets libres

256 --- E O F --- 2008-12-06 08:06:05
13 December 2008 17:21:37

Is there nobody who can help me?

6 January 2009 09:18:09

I solved the problem by formatting the PC.